CVE-2024-50376
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2024-50376 is a newly discovered cross-site scripting (XSS) vulnerability affecting several Advantech devices: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). This issue, classified as Common Vulnerabilities and Exposures (CVE) number 2024-50376, stems from CWE-79, an improper neutralization of input during web page generation. Malicious actors can take advantage of this flaw by deploying a rogue Wi-Fi access point with a deceitful SSID to remotely exploit the vulnerability, potentially leading to unauthorized access to user data or system manipulation. Users are advised to update their affected devices to the latest available firmware versions to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.