Search criteria
60 vulnerabilities found for eki-6333ac-2g_firmware by advantech
CVE-2024-50377 (GCVE-0-2024-50377)
Vulnerability from nvd – Published: 2024-11-26 10:57 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.
Severity ?
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:06:13.498542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:25.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-798 \"Use of Hard-coded Credentials\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password."
}
],
"value": "A CWE-798 \"Use of Hard-coded Credentials\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:27:34.173Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50377"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50377",
"datePublished": "2024-11-26T10:57:27.054Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:19:25.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50376 (GCVE-0-2024-50376)
Vulnerability from nvd – Published: 2024-11-26 10:57 – Updated: 2024-11-26 14:09
VLAI?
Summary
A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID.
Severity ?
7.3 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:01:58.748636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:22.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-79 \"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID."
}
],
"value": "A CWE-79 \"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:27:26.192Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50376"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50376",
"datePublished": "2024-11-26T10:57:14.296Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:09:22.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50374 (GCVE-0-2024-50374)
Vulnerability from nvd – Published: 2024-11-26 10:56 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "capture_packages" operation.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:10:55.509356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:25.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"capture_packages\" operation."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"capture_packages\" operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:27:11.826Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50374"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50374",
"datePublished": "2024-11-26T10:56:28.680Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:19:25.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50375 (GCVE-0-2024-50375)
Vulnerability from nvd – Published: 2024-11-26 10:57 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:10:48.241907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:25.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-306 \"Missing Authentication for Critical Function\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point."
}
],
"value": "A CWE-306 \"Missing Authentication for Critical Function\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:27:19.023Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50375"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50375",
"datePublished": "2024-11-26T10:57:03.468Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:19:25.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50371 (GCVE-0-2024-50371)
Vulnerability from nvd – Published: 2024-11-26 10:55 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:11:19.188383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:26.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"wlan_scan\" operation."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"wlan_scan\" operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:26:48.500Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50371"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50371",
"datePublished": "2024-11-26T10:55:58.526Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:19:26.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50372 (GCVE-0-2024-50372)
Vulnerability from nvd – Published: 2024-11-26 10:56 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:11:11.452183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:26.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"backup_config_to_utility\" operation."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"backup_config_to_utility\" operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:26:55.560Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50372"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50372",
"datePublished": "2024-11-26T10:56:08.644Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:19:26.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50373 (GCVE-0-2024-50373)
Vulnerability from nvd – Published: 2024-11-26 10:56 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "restore_config_from_utility" operation.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:11:04.352815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:25.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"restore_config_from_utility\" operation."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"restore_config_from_utility\" operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:27:04.024Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50373"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50373",
"datePublished": "2024-11-26T10:56:18.987Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:19:25.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50370 (GCVE-0-2024-50370)
Vulnerability from nvd – Published: 2024-11-26 10:55 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "cfg_cmd_set_eth_conf" operation.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:11:28.496361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:26.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"cfg_cmd_set_eth_conf\" operation."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"cfg_cmd_set_eth_conf\" operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:26:39.677Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50370"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50370",
"datePublished": "2024-11-26T10:55:45.151Z",
"dateReserved": "2024-10-23T07:55:58.311Z",
"dateUpdated": "2024-11-26T14:19:26.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50369 (GCVE-0-2024-50369)
Vulnerability from nvd – Published: 2024-11-26 10:55 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "multiple_ssid_htm" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:11:37.403098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:26.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"multiple_ssid_htm\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"multiple_ssid_htm\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:26:31.178Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50369"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50369",
"datePublished": "2024-11-26T10:55:29.755Z",
"dateReserved": "2024-10-23T07:55:58.310Z",
"dateUpdated": "2024-11-26T14:19:26.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50367 (GCVE-0-2024-50367)
Vulnerability from nvd – Published: 2024-11-26 10:55 – Updated: 2024-11-26 15:37
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:37:05.528245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:37:10.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"sta_log_htm\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"sta_log_htm\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:26:11.882Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50367"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50367",
"datePublished": "2024-11-26T10:55:06.118Z",
"dateReserved": "2024-10-23T07:55:56.656Z",
"dateUpdated": "2024-11-26T15:37:10.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50368 (GCVE-0-2024-50368)
Vulnerability from nvd – Published: 2024-11-26 10:55 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "basic_htm" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:11:44.207206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:26.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"basic_htm\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"basic_htm\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:26:22.641Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50368"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50368",
"datePublished": "2024-11-26T10:55:16.384Z",
"dateReserved": "2024-10-23T07:55:58.310Z",
"dateUpdated": "2024-11-26T14:19:26.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50365 (GCVE-0-2024-50365)
Vulnerability from nvd – Published: 2024-11-26 10:54 – Updated: 2024-11-26 14:46
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:46:14.274310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:46:21.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"lan_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"lan_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:25:51.031Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50365",
"datePublished": "2024-11-26T10:54:43.728Z",
"dateReserved": "2024-10-23T07:55:56.655Z",
"dateUpdated": "2024-11-26T14:46:21.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50366 (GCVE-0-2024-50366)
Vulnerability from nvd – Published: 2024-11-26 10:54 – Updated: 2024-11-26 14:19
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:11:50.487229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:19:26.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"applications_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"applications_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:26:01.513Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50366"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50366",
"datePublished": "2024-11-26T10:54:55.541Z",
"dateReserved": "2024-10-23T07:55:56.656Z",
"dateUpdated": "2024-11-26T14:19:26.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50362 (GCVE-0-2024-50362)
Vulnerability from nvd – Published: 2024-11-26 10:54 – Updated: 2024-11-26 14:47
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "connection_profile_apply" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:47:34.455793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:47:41.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"connection_profile_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"connection_profile_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:25:17.266Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50362"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50362",
"datePublished": "2024-11-26T10:54:03.960Z",
"dateReserved": "2024-10-23T07:55:56.655Z",
"dateUpdated": "2024-11-26T14:47:41.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50364 (GCVE-0-2024-50364)
Vulnerability from nvd – Published: 2024-11-26 10:54 – Updated: 2024-11-26 14:46
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "export_log" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:46:28.644094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:46:34.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"export_log\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"export_log\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:25:40.520Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50364"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50364",
"datePublished": "2024-11-26T10:54:32.798Z",
"dateReserved": "2024-10-23T07:55:56.655Z",
"dateUpdated": "2024-11-26T14:46:34.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50363 (GCVE-0-2024-50363)
Vulnerability from nvd – Published: 2024-11-26 10:54 – Updated: 2024-11-26 14:46
VLAI?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" API which are not properly sanitized before being concatenated to OS level commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Advantech | EKI-6333AC-2G |
Affected:
0 , ≤ <= 1.6.3
(semver)
|
||||||||||||
|
||||||||||||||
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2g_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-2gd_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eki-6333ac-1gpo_firmware",
"vendor": "advantech",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:46:54.867164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:46:59.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2G",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-2GD",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EKI-6333AC-1GPO",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) and EKI-6333AC-1GPO (\u0026lt;= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"mp_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"mp_apply\" API which are not properly sanitized before being concatenated to OS level commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:25:31.876Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50363"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update affected products to the following firmware versions released by Advantech:\u003cbr\u003e- EKI-6333AC-2G: v1.6.5\u003cbr\u003e- EKI-6333AC-2GD: v1.6.5\u003cbr\u003e- EKI-6333AC-1GPO: v1.2.2"
}
],
"value": "Update affected products to the following firmware versions released by Advantech:\n- EKI-6333AC-2G: v1.6.5\n- EKI-6333AC-2GD: v1.6.5\n- EKI-6333AC-1GPO: v1.2.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-50363",
"datePublished": "2024-11-26T10:54:20.523Z",
"dateReserved": "2024-10-23T07:55:56.655Z",
"dateUpdated": "2024-11-26T14:46:59.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-50377
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:01
Severity ?
Summary
A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50377 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-798 \"Use of Hard-coded Credentials\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-798 \"Uso de credenciales codificadas de forma r\u00edgida\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad est\u00e1 asociada a la funcionalidad de configuraci\u00f3n de copias de seguridad que, de forma predeterminada, cifra los archivos mediante una contrase\u00f1a est\u00e1tica."
}
],
"id": "CVE-2024-50377",
"lastModified": "2026-01-23T18:01:59.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:08.767",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50377"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-50376
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:07
Severity ?
7.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
5.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50376 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79 \"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-79 \"Neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027Cross-site Scripting\u0027)\" que afectaba a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad se puede explotar de forma remota utilizando un punto de acceso Wi-Fi no autorizado con un SSID malicioso."
}
],
"id": "CVE-2024-50376",
"lastModified": "2026-01-23T18:07:48.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-26T11:22:08.323",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50376"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-50375
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:09
Severity ?
Summary
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50375 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-306 \"Missing Authentication for Critical Function\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-306 \"Falta de autenticaci\u00f3n para funci\u00f3n cr\u00edtica\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad puede ser explotada por usuarios remotos no autenticados capaces de interactuar con el servicio \"edgserver\" predeterminado habilitado en el punto de acceso."
}
],
"id": "CVE-2024-50375",
"lastModified": "2026-01-23T18:09:09.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:07.867",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50375"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-50374
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:10
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "capture_packages" operation.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50374 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"capture_packages\" operation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad puede ser explotada por usuarios remotos no autenticados capaces de interactuar con el servicio \"edgserver\" predeterminado habilitado en el punto de acceso y se ejecutan comandos maliciosos con privilegios de superusuario. No hay autenticaci\u00f3n habilitada en el servicio y la fuente de la vulnerabilidad reside en el c\u00f3digo de procesamiento asociado a la operaci\u00f3n \"capture_packages\"."
}
],
"id": "CVE-2024-50374",
"lastModified": "2026-01-23T18:10:52.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:07.403",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50374"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50373
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:12
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "restore_config_from_utility" operation.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50373 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"restore_config_from_utility\" operation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad puede ser explotada por usuarios remotos no autenticados capaces de interactuar con el servicio \"edgserver\" predeterminado habilitado en el punto de acceso y se ejecutan comandos maliciosos con privilegios de superusuario. No hay autenticaci\u00f3n habilitada en el servicio y la fuente de la vulnerabilidad reside en el c\u00f3digo de procesamiento asociado a la operaci\u00f3n \"restore_config_from_utility\"."
}
],
"id": "CVE-2024-50373",
"lastModified": "2026-01-23T18:12:18.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:06.930",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50373"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50372
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:12
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50372 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"backup_config_to_utility\" operation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad puede ser explotada por usuarios remotos no autenticados capaces de interactuar con el servicio \"edgserver\" predeterminado habilitado en el punto de acceso y se ejecutan comandos maliciosos con privilegios de superusuario. No hay autenticaci\u00f3n habilitada en el servicio y la fuente de la vulnerabilidad reside en el c\u00f3digo de procesamiento asociado a la operaci\u00f3n \"backup_config_to_utility\"."
}
],
"id": "CVE-2024-50372",
"lastModified": "2026-01-23T18:12:46.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:06.457",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50372"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50371
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:13
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50371 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"wlan_scan\" operation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad puede ser explotada por usuarios remotos no autenticados capaces de interactuar con el servicio \"edgserver\" predeterminado habilitado en el punto de acceso y se ejecutan comandos maliciosos con privilegios de superusuario. No hay autenticaci\u00f3n habilitada en el servicio y la fuente de la vulnerabilidad reside en el c\u00f3digo de procesamiento asociado a la operaci\u00f3n \"wlan_scan\"."
}
],
"id": "CVE-2024-50371",
"lastModified": "2026-01-23T18:13:17.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:06.050",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50371"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50369
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:14
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "multiple_ssid_htm" API which are not properly sanitized before being concatenated to OS level commands.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50369 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"multiple_ssid_htm\" API which are not properly sanitized before being concatenated to OS level commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comandos del SO\u0027)\" que afectaba a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La fuente de la vulnerabilidad se basa en m\u00faltiples par\u00e1metros pertenecientes a la API \"multiple_ssid_htm\" que no se desinfectan correctamente antes de concatenarse con comandos de nivel del SO."
}
],
"id": "CVE-2024-50369",
"lastModified": "2026-01-23T18:14:20.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:05.147",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50369"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50370
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:13
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "cfg_cmd_set_eth_conf" operation.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50370 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default \"edgserver\" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the \"cfg_cmd_set_eth_conf\" operation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La vulnerabilidad puede ser explotada por usuarios remotos no autenticados capaces de interactuar con el servicio \"edgserver\" predeterminado habilitado en el punto de acceso y se ejecutan comandos maliciosos con privilegios de superusuario. No hay autenticaci\u00f3n habilitada en el servicio y la fuente de la vulnerabilidad reside en el c\u00f3digo de procesamiento asociado a la operaci\u00f3n \"cfg_cmd_set_eth_conf\"."
}
],
"id": "CVE-2024-50370",
"lastModified": "2026-01-23T18:13:51.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:05.563",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50370"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50367
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:17
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm" API which are not properly sanitized before being concatenated to OS level commands.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50367 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"sta_log_htm\" API which are not properly sanitized before being concatenated to OS level commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La fuente de la vulnerabilidad se basa en m\u00faltiples par\u00e1metros pertenecientes a la API \"sta_log_htm\" que no se desinfectan correctamente antes de concatenarse con comandos de nivel del SO."
}
],
"id": "CVE-2024-50367",
"lastModified": "2026-01-23T18:17:05.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:04.287",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50367"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50368
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:16
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "basic_htm" API which are not properly sanitized before being concatenated to OS level commands.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50368 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"basic_htm\" API which are not properly sanitized before being concatenated to OS level commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afectaba a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La fuente de la vulnerabilidad se basa en m\u00faltiples par\u00e1metros pertenecientes a la API \"basic_htm\" que no se desinfectan correctamente antes de concatenarse con comandos de nivel del SO."
}
],
"id": "CVE-2024-50368",
"lastModified": "2026-01-23T18:16:41.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:04.710",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50368"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50366
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 18:17
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50366 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"applications_apply\" API which are not properly sanitized before being concatenated to OS level commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comandos del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La fuente de la vulnerabilidad se basa en m\u00faltiples par\u00e1metros pertenecientes a la API \"applications_apply\" que no se desinfectan correctamente antes de concatenarse con comandos de nivel del SO."
}
],
"id": "CVE-2024-50366",
"lastModified": "2026-01-23T18:17:38.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:03.853",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50366"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50365
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 19:33
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50365 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"lan_apply\" API which are not properly sanitized before being concatenated to OS level commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afectaba a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La fuente de la vulnerabilidad se basa en m\u00faltiples par\u00e1metros pertenecientes a la API \"lan_apply\" que no se desinfectan correctamente antes de concatenarse con comandos de nivel del SO."
}
],
"id": "CVE-2024-50365",
"lastModified": "2026-01-23T19:33:47.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:03.430",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50365"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50363
Vulnerability from fkie_nvd - Published: 2024-11-26 11:22 - Updated: 2026-01-23 19:38
Severity ?
Summary
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" API which are not properly sanitized before being concatenated to OS level commands.
References
| URL | Tags | ||
|---|---|---|---|
| prodsec@nozominetworks.com | https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50363 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | eki-6333ac-2g_firmware | * | |
| advantech | eki-6333ac-2g | - | |
| advantech | eki-6333ac-2gd_firmware | * | |
| advantech | eki-6333ac-2gd | - | |
| advantech | eki-6333ac-1gpo_firmware | * | |
| advantech | eki-6333ac-1gpo | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E027C8-2521-45FC-BABB-4A6E3341F883",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B63DF4-0184-4108-B48B-D31179104701",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447F8AEB-2C7C-411A-893C-11C2F7588C82",
"versionEndExcluding": "1.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F70DBA-2D4C-4407-885D-71887A1A7979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828B9D05-0064-4690-A624-D3BF659BD316",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A73A2B-9FD5-4971-8FFF-1BA14BCCB37B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-78 \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (\u003c= 1.6.3), EKI-6333AC-2GD (\u003c= v1.6.3) and EKI-6333AC-1GPO (\u003c= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the \"mp_apply\" API which are not properly sanitized before being concatenated to OS level commands."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad CWE-78 \"Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO (\u0027Inyecci\u00f3n de comando del SO\u0027)\" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (\u0026lt;= 1.6.3), EKI-6333AC-2GD (\u0026lt;= v1.6.3) y EKI-6333AC-1GPO (\u0026lt;= v1.2.1). La fuente de la vulnerabilidad se basa en m\u00faltiples par\u00e1metros pertenecientes a la API \"mp_apply\" que no se desinfectan correctamente antes de concatenarse con comandos de nivel del SO."
}
],
"id": "CVE-2024-50363",
"lastModified": "2026-01-23T19:38:08.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
},
"published": "2024-11-26T11:22:02.530",
"references": [
{
"source": "prodsec@nozominetworks.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50363"
}
],
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "prodsec@nozominetworks.com",
"type": "Secondary"
}
]
}