CVE-2024-50373

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-50373 is a newly discovered vulnerability affecting certain Advantech devices: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). It is classified as CWE-78 (OS Command Injection): an unauthenticated remote user who can reach the default "edgserver" service can execute malicious commands with root privileges. The flaw lies in the code that processes the "restore_config_from_utility" operation, and exploitation requires no authentication.
