PT-2024-8797 · Advantech · Advantech EKI-6333AC-1GPO, EKI-6333AC-2G, EKI-6333AC-2GD

Diego Zaffaroni · Published 2024-10-23 · Updated 2024-11-29 · CVE-2024-50376

CVSS v2.0: 7.8 (High)
Vector: AV:A/AC:L/Au:N/C:N/I:C/A:C (adjacent network, low attack complexity, no authentication; complete integrity and availability impact, no confidentiality impact)
Name of the Vulnerable Software and Affected Versions:
- Advantech EKI-6333AC-2G, versions 1.6.3 and earlier
- Advantech EKI-6333AC-2GD, versions 1.6.3 and earlier
- Advantech EKI-6333AC-1GPO, versions 1.2.1 and earlier
Description: The web application on the affected devices does not properly neutralize input during web page generation, which results in cross-site scripting (XSS). The untrusted input is the SSID of nearby Wi-Fi networks: an attacker within radio range sets up a rogue access point whose SSID contains a JavaScript payload, and when the device's web application renders that SSID into a page, the script executes in the browser of the user viewing it. The attacker needs no credentials on the device (CVSS Au:N), but the payload only fires once a legitimate user opens the page on which the rogue SSID is displayed. The script then runs in that user's session against the web application, and the advisory reports that this ultimately allows execution of arbitrary commands (see the OS command injection weakness listed below).
Recommendations: Update to a fixed firmware release:
- Advantech EKI-6333AC-2G: versions 1.6.3 and earlier are affected; update to a version later than 1.6.3.
- Advantech EKI-6333AC-2GD: versions 1.6.3 and earlier are affected; update to a version later than 1.6.3.
- Advantech EKI-6333AC-1GPO: versions 1.2.1 and earlier are affected; update to a version later than 1.2.1.
As a temporary workaround, restrict access to the device's web management interface (for example, to a dedicated management network or an allowlist of administrator hosts). Note what this does and does not buy: the malicious SSID reaches the device over the air regardless of network access controls, and the payload executes in the browser of a user who is permitted to use the interface, so the workaround reduces exposure but does not remove the flaw. Only the firmware update does.

Status: Fix (vendor update available; see Recommendations)

Weakness Enumeration

XSS (CWE-79: Improper Neutralization of Input During Web Page Generation)
OS Command Injection (CWE-78)

Related Identifiers

BDU:2024-10429
CVE-2024-50376

Affected Products

Advantech EKI-6333AC-1GPO
Advantech EKI-6333AC-2G
Advantech EKI-6333AC-2GD