A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
CPEs | cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
Metrics |
ssvc
|
Tue, 26 Nov 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published: 2024-11-26T10:55:58.526Z
Updated: 2024-11-26T14:19:26.231Z
Reserved: 2024-10-23T07:55:58.311Z
Link: CVE-2024-50371
Vulnrichment
Updated: 2024-11-26T14:10:26.883Z
NVD
Status : Received
Published: 2024-11-26T11:22:06.050
Modified: 2024-11-26T11:22:06.050
Link: CVE-2024-50371
Redhat
No data.