CVE-2024-50372

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-50372 is a newly discovered vulnerability affecting select Advantech access points, including the EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability, classified as CWE-78 (OS Command Injection), allows remote, unauthenticated users to interact with the default "edgserver" service and execute malicious commands with root privileges. It is caused by insufficient input validation in the "backup_config_to_utility" operation, which leaves these devices open to potential exploitation.
