CVE-2024-50375
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-50375 is a newly disclosed vulnerability affecting certain access points manufactured by Advantech. The affected models include EKI-6333AC-2G (version 1.6.3 and below), EKI-6333AC-2GD (version 1.6.3 and below), and EKI-6333AC-1GPO (version 1.2.1 and below). This issue is classified as a CWE-306 "Missing Authentication for Critical Function," allowing remote, unauthenticated users to exploit it by interacting with the default "edgserver" service enabled on these devices. Successful exploitation could result in unauthorized access or other malicious activities. Users are strongly encouraged to update their devices to the latest available firmware versions to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.