CVE-2024-50377
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-50377 is a newly disclosed vulnerability affecting select Advantech devices: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO (<= v1.2.1). This issue stems from the use of a static password in the backup configuration functionality, classified as a CWE-798 "Use of Hard-coded Credentials." By default, these archives are encrypted, leaving the hard-coded password exposed and easily discoverable, potentially leading to unauthorized access and data breaches. Devices with the affected versions must be updated to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.