CVE-2023-2573: Authenticated Command Injection
First published: Mon May 08 2023(Updated: )
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
Credit: office@cyberdanube.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech Eki-1521 Firmware | <=1.21 | |
| Advantech Eki-1521 | ||
| Advantech Eki-1522 Firmware | <=1.21 | |
| Advantech Eki-1522 | ||
| Advantech Eki-1524 Firmware | <=1.21 | |
| Advantech EKI-1524 |
Remedy
Install firmware 1.24 to fix the issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3
- https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT
- https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL
- http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2023/May/4
- https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability?
The vulnerability ID for this command injection vulnerability is CVE-2023-2573.
Which devices are affected by this command injection vulnerability?
Advantech EKI-1524, EKI-1522, and EKI-1521 devices through version 1.21 are affected by this command injection vulnerability.
How can this command injection vulnerability be triggered?
This command injection vulnerability can be triggered by authenticated users via a crafted POST request in the NTP server input field.
What is the severity rating of CVE-2023-2573?
CVE-2023-2573 has a severity rating of 8.8 (high).
Are there any fixes available for this command injection vulnerability?
Yes, Advantech has released firmware updates to address this command injection vulnerability. Refer to the manufacturer's support website for the appropriate firmware update.
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/title
- agent/remedy
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- vendor/advantech
- canonical/advantech eki-1521 firmware
- version/advantech eki-1521 firmware/1.21
- canonical/advantech eki-1521
- canonical/advantech eki-1522 firmware
- version/advantech eki-1522 firmware/1.21
- canonical/advantech eki-1522
- canonical/advantech eki-1524 firmware
- version/advantech eki-1524 firmware/1.21
- canonical/advantech eki-1524