Authenticated Buffer Overflow

CVE-2023-2575

8.8HIGH

Key Information

Vendor: Advantech
Status: EKI-1524; EKI-1522; EKI-1521
Vendor: CVE Published:; 8 May 2023

Summary

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.

Affected Version(s)

EKI-1524 <= 1.21

EKI-1522 <= 1.21

EKI-1521 <= 1.21

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved.
May 8, 2023
Vulnerability published.
May 8, 2023

Collectors

NVD DatabaseMitre Database

Credit

S. Dietz (CyberDanube)

T. Weber (CyberDanube)