CVE-2024-50377

Published Nov 26, 2024

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.
Source: prodsec@nozominetworks.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 5.9
Exploitability score: 0.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

prodsec@nozominetworks.com: CWE-78

Hype score: Not currently trending

CVE-2024-50377 A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.… https://t.co/uLNrQnM79f
@CVEnew
26 Nov 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References