CVE-2023-2573

Name of the Vulnerable Software and Affected Versions Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21

Description The issue is related to a command injection vulnerability in the NTP server input field. This vulnerability can be triggered by authenticated users via a crafted POST request, potentially allowing a remote attacker to execute arbitrary code.

Recommendations For Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21, consider disabling access to the NTP server input field until a patch is available. Restrict access to the vulnerable devices to minimize the risk of exploitation. Avoid using the NTP server input field in the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.