CVE-2024-50365
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-50365 is a newly discovered vulnerability affecting certain Advantech devices: EKI-6333AC-2G (versions <= 1.6.3), EKI-6333AC-2GD (versions <= v1.6.3), and EKI-6333AC-1GPO (versions <= v1.2.1). The issue is a CWE-78 "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)" vulnerability. Multiple parameters within the "lan_apply" API are not adequately sanitized, allowing an attacker to inject malicious OS commands into the system. This could potentially lead to unauthorized access, data theft, or even device takeover. Users are strongly advised to update their devices to the latest available versions to mitigate this risk.