CVE-2024-50376

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 78

Summary

CVE-2024-50376 is a newly discovered cross-site scripting (XSS) vulnerability affecting several Advantech devices: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). This issue, classified as Common Vulnerabilities and Exposures (CVE) number 2024-50376, stems from CWE-79, an improper neutralization of input during web page generation. Malicious actors can take advantage of this flaw by deploying a rogue Wi-Fi access point with a deceitful SSID to remotely exploit the vulnerability, potentially leading to unauthorized access to user data or system manipulation. Users are advised to update their affected devices to the latest available firmware versions to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share