CVE-2024-50367

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-50367 is a newly identified cybersecurity vulnerability affecting select Advantech devices. The issue, classified as CWE-78 or OS Command Injection, puts at risk the EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1) models. The root cause lies in the "sta_log_htm" API, where multiple input parameters are not properly sanitized before being incorporated into OS-level commands. This oversight leaves these devices susceptible to potential attackers who could exploit the vulnerability by injecting malicious commands.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share