CVE-2024-50370
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-50370 is a newly discovered vulnerability affecting Advantech's EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1) devices. This issue is categorized as CWE-78 "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)" which allows remote, unauthenticated users to execute malicious commands with root privileges by exploiting the default "edgserver" service. The vulnerability lies within the processing code linked to the "cfg_cmd_set_eth_conf" operation and no authentication is required to access the service.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.