A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
History

Tue, 26 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Advantech
Advantech eki-6333ac-1gpo Firmware
Advantech eki-6333ac-2g Firmware
Advantech eki-6333ac-2gd Firmware
CPEs cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*
Vendors & Products Advantech
Advantech eki-6333ac-1gpo Firmware
Advantech eki-6333ac-2g Firmware
Advantech eki-6333ac-2gd Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 Nov 2024 11:15:00 +0000

Type Values Removed Values Added
Description A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published: 2024-11-26T10:55:58.526Z

Updated: 2024-11-26T14:19:26.231Z

Reserved: 2024-10-23T07:55:58.311Z

Link: CVE-2024-50371

cve-icon Vulnrichment

Updated: 2024-11-26T14:10:26.883Z

cve-icon NVD

Status : Received

Published: 2024-11-26T11:22:06.050

Modified: 2024-11-26T11:22:06.050

Link: CVE-2024-50371

cve-icon Redhat

No data.