CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-50372

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 74.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50372

Products affected by CVE-2024-50372

Advantech » Eki-6333ac-1gpo » Version: N/A

cpe:2.3:h:advantech:eki-6333ac-1gpo:-
Advantech » Eki-6333ac-2g » Version: N/A

cpe:2.3:h:advantech:eki-6333ac-2g:-
Advantech » Eki-6333ac-2gd » Version: N/A

cpe:2.3:h:advantech:eki-6333ac-2gd:-
Advantech » Eki-6333ac-1gpo Firmware » Version: Any

cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*
Advantech » Eki-6333ac-2g Firmware » Version: Any

cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*
Advantech » Eki-6333ac-2gd Firmware » Version: Any

cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-50372

Products

Pricing

Contact Us