CVE-2024-50359
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-53059 is a newly discovered vulnerability affecting select Advantech devices: EKI-6333AC-2G (version 1.6.3 and below), EKI-6333AC-2GD (version 1.6.3 and below), and EKI-6333AC-1GPO (version 1.2.1 and below. This issue is rooted in an improper neutralization of special elements used in OS commands, a CWE-78 vulnerability. The root cause lies in the "scan_ap" API, which fails to properly sanitize multiple input parameters before they are concatenated with OS-level commands. This flaw could potentially enable attackers to inject malicious OS commands and gain unauthorized access or control over the affected devices.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.