- Description
- A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point, and malicious commands are executed with root privileges. No authentication is enabled on the service, and the source of the vulnerability resides in the processing code associated with the "cfg_cmd_set_eth_conf" operation.
- Source
- prodsec@nozominetworks.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- prodsec@nozominetworks.com
- CWE-78
- Hype score
- Not currently trending
⚠️ CVE-2024-50370 🖥️ Advantech EKI 💬 unauthenticated RCE with root privileges 🔗 https://t.co/A7Tkc1Y0VQ 6 vulnerabilities allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service (DoS) condition.… https://t.
@signorina37H
29 Nov 2024
1035 Impressions
8 Retweets
17 Likes
1 Bookmark
0 Replies
0 Quotes
More than Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP: CVE-2024-50370 CVE-2024-50374 CVE-2024-50375 CVE-2024-50376 CVE-2024-50359 https://t.co/Vojq55h9Oq
@vault33org
29 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-50370: CRITICAL] Vulnerability alert: CWE-78 discovered in Advantech devices (EKI-6333AC-2G, EKI-6333AC-2GD, EKI-6333AC-1GPO). Allows remote unauthenticated users to execute malicious commands. #cybersecurity, #vulnerability https://t.co/07MWd1WWh7 https://t.co/GZw5z8U6Fw
@CveFindCom
26 Nov 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes