CVE-2023-4202 is a significant software vulnerability identified in the firmware of EKI-1524-CE, EKI-1522-CE, and EKI-1521-CE series devices, specifically version 1.21. This flaw pertains to stored Cross-Site Scripting (XSS), a type of security vulnerability typically found in web applications. XSS enables attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access, data theft, or other harmful outcomes.
The vulnerability is one of two distinct stored XSS flaws discovered in these devices, the other being CVE-2023-4203. These vulnerabilities allow an attacker to store malicious scripts on the device. When other users interact with the compromised device, the stored scripts are executed in their browser, compromising the user's system.
The discovery of these vulnerabilities underscores the importance of regular security audits and updates for all software systems. Users of the affected EKI-1524-CE, EKI-1522-CE, and EKI-1521-CE series devices should immediately update their firmware to a newer, secure version if available. In the absence of such an update, they should consider alternative measures to mitigate the risk, such as restricting access to the device or using additional security tools to detect and prevent XSS attacks.
Description last updated: 2023-08-16T02:30:51.083Z