CVE-2024-50370

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-50370 is a newly discovered vulnerability affecting Advantech's EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1) devices. This issue is categorized as CWE-78 "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)" which allows remote, unauthenticated users to execute malicious commands with root privileges by exploiting the default "edgserver" service. The vulnerability lies within the processing code linked to the "cfg_cmd_set_eth_conf" operation and no authentication is required to access the service.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share