CVE-2024-50366

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-50366 is an OS command injection vulnerability (CWE-78, "Improper Neutralization of Special Elements used in an OS Command") affecting select Advantech devices: EKI-6333AC-2G (versions <= 1.6.3), EKI-6333AC-2GD (versions <= v1.6.3), and EKI-6333AC-1GPO (versions <= v1.2.1). Multiple parameters of the "applications_apply" API are not adequately sanitized before being concatenated into OS-level commands. Attackers could potentially inject malicious commands through these parameters, leading to unauthorized system access, data theft, or even complete system compromise. Users are advised to update their devices to the latest available versions to mitigate this risk.
