CVE-2024-50363
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Nov 26, 2024
CWE ID 78
Summary
CVE-2024-50363: A critical OS Command Injection vulnerability (CWE-78) has been identified in select Advantech devices, including the EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). This vulnerability stems from the "mp_apply" API, which fails to sanitize multiple parameters prior to concatenation with OS-level commands, potentially enabling attackers to execute unauthorized commands with administrative privileges.