CVE-2024-50373

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: The issue exists due to the lack of neutralization of special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary commands with root privileges. The vulnerability is associated with the edgserver service and the restore config from utility operation. No authentication is required to interact with the vulnerable service.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the edgserver service until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the restore config from utility operation to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the edgserver service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.