{"Vulnerability in Advantech Devices Could Allow Remote Root Access"}
CVE-2024-50370

9.8CRITICAL

Key Information:

Vendor: Advantech
Status: Eki-6333ac-2g; Eki-6333ac-2gd; Eki-6333ac-1gpo
Vendor: CVE Published:; 26 November 2024

Summary

A vulnerability has been identified in certain Advantech EKI series devices, stemming from improper neutralization of special elements utilized in operating system commands. This issue allows remote unauthenticated users to exploit the default 'edgserver' service enabled on these access points, executing malicious commands with root privileges. The root cause of this vulnerability lies in the processing of code associated with the 'cfg_cmd_set_eth_conf' operation. Devices impacted include EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO. No authentication is required to access the vulnerable service, heightening the risk of exploitation.

Affected Version(s)

EKI-6333AC-1GPO 0

EKI-6333AC-2G 0

EKI-6333AC-2GD 0

References

https://www.nozominetworks.com/labs/vulnerability-advisor...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Oct 23, 2024

Credit

Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.