CVE-2024-50359

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A security issue was discovered in the "scan ap" API of Advantech's EKI-6333AC series devices. The problem arises from the improper sanitization of multiple parameters in the "scan ap" API before they are concatenated to OS-level commands. This could allow a remote attacker to execute arbitrary code.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "scan ap" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "scan ap" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the parameters associated with the "scan ap" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.