CVE-2024-50373
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 26, 2024
CWE ID 78
Summary
CVE-2024-50373 is a newly discovered vulnerability affecting certain Advantech devices: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). The issue is classified as CWE-78 (OS Command Injection): a remote user with access to the default "edgserver" service can execute malicious commands with root privileges. The vulnerability arises from a flaw in the code that processes the "restore_config_from_utility" operation, and no authentication is required for exploitation.