CVE-2024-50374

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-50374 is a newly discovered vulnerability affecting several Advantech access points, including the EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). The issue is categorized as CWE-78, "Improper Neutralization of Special Elements used in an OS Command," also known as OS Command Injection. Unauthenticated remote users who can interact with the default "edgserver" service can exploit this vulnerability to execute malicious commands with root privileges. The flaw lies in the code that processes the "capture_packages" operation, and the affected service requires no authentication.
