CVE-2024-50359

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-53059 is a newly discovered vulnerability affecting select Advantech devices: EKI-6333AC-2G (version 1.6.3 and below), EKI-6333AC-2GD (version 1.6.3 and below), and EKI-6333AC-1GPO (version 1.2.1 and below. This issue is rooted in an improper neutralization of special elements used in OS commands, a CWE-78 vulnerability. The root cause lies in the "scan_ap" API, which fails to properly sanitize multiple input parameters before they are concatenated with OS-level commands. This flaw could potentially enable attackers to inject malicious OS commands and gain unauthorized access or control over the affected devices.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share