CVE-2024-50362

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A security issue was discovered in the connection profile apply API, where multiple parameters are not properly sanitized before being concatenated to OS level commands, allowing for OS command injection. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the connection profile apply API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the connection profile apply API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using parameters that are not properly sanitized in the connection profile apply API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.