CVE-2024-50371

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A vulnerability was discovered in the "edgserver" service of Advantech's EKI-6333AC devices, allowing remote unauthenticated users to execute malicious commands with root privileges. The issue arises from the improper neutralization of special elements used in an OS command, enabling attackers to perform arbitrary commands. No authentication is required to exploit this vulnerability, as the "edgserver" service is enabled by default on the access point.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "edgserver" service until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, consider disabling the "edgserver" service until a patch is available. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, consider disabling the "edgserver" service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.