cve/2023/CVE-2023-2575.md

### [CVE-2023-2575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2575)
![](https://img.shields.io/static/v1?label=Product&message=EKI-1521&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=EKI-1522&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=EKI-1524&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%201.21%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)

### Description

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.

### POC

#### Reference
- http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2023/May/4
- https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/

#### Github
No PoCs found on GitHub currently.