PT-2024-9481 · Advantech · Advantech EKI-6333AC-1GPO, Advantech EKI-6333AC-2G

Diego Zaffaroni · Published 2024-11-26 · Updated 2024-11-26 · CVE-2024-50369

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Advantech EKI-6333AC-2G, versions 1.6.3 and earlier
Advantech EKI-6333AC-2GD, versions 1.6.3 and earlier
Advantech EKI-6333AC-1GPO, versions 1.2.1 and earlier

Description: The issue exists because special elements in user-supplied input are not neutralized before that input is used in an operating system command (OS command injection). Multiple parameters of the "multiple ssid htm" API are concatenated into OS-level commands without sanitization, so a remote attacker who can authenticate to the device's web interface (the CVSS vector requires single authentication, Au:S) can execute arbitrary commands on the device and fully compromise the confidentiality, integrity, and availability of the device and the information it protects.

Recommendations:
Advantech EKI-6333AC-2G, versions 1.6.3 and earlier: update to a version later than 1.6.3.
Advantech EKI-6333AC-2GD, versions 1.6.3 and earlier: update to a version later than 1.6.3.
Advantech EKI-6333AC-1GPO, versions 1.2.1 and earlier: update to a version later than 1.2.1.
As a temporary workaround, restrict access to the web management interface and the "multiple ssid htm" API to trusted management networks and administrators only, to minimize the risk of exploitation until the update is applied.
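The pattern the description refers to, shown as an added example that is not code from the Advantech firmware or from the advisory: a CGI handler that pastes a user-controlled SSID into a shell command line, next to a hardened version that rejects anything outside an allowlist and passes the value as a separate argv element with no shell in between. The helper binary name `wifi_cfg`, its `set-ssid` sub-command, the interface parameter and the allowlist policy are all assumptions for illustration; the advisory does not disclose which commands or parameter names are involved.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper the web UI might call to apply an SSID to a radio.
 * The advisory does not disclose the real command, so this is a stand-in. */
#define WIFI_TOOL "wifi_cfg"
#define SSID_MAX  32   /* maximum SSID length in bytes (IEEE 802.11) */
#define IFACE_MAX 15   /* Linux IFNAMSIZ - 1 */

/* --- vulnerable pattern ------------------------------------------------- */

/* Builds the shell command line the CGI would hand to system(): the SSID is
 * pasted between single quotes, so a quote in the input ends the string and
 * everything after it is parsed by the shell as further commands. */
int build_vuln_cmd(char *out, size_t outsz, const char *iface, const char *ssid)
{
    return snprintf(out, outsz, WIFI_TOOL " set-ssid %s '%s'", iface, ssid);
}

/* As the firmware would run it (not called by the tests). On many embedded
 * devices the web server runs as root, so the injected command does too. */
int set_ssid_vuln(const char *iface, const char *ssid)
{
    char cmd[512];
    if (build_vuln_cmd(cmd, sizeof cmd, iface, ssid) >= (int)sizeof cmd)
        return -1;
    return system(cmd);
}

/* --- hardened pattern --------------------------------------------------- */

/* Allowlist validation. 802.11 permits arbitrary octets in an SSID; the
 * tighter policy here (printable ASCII, no quoting/expansion characters) is
 * an assumed product decision, not something taken from the advisory. */
int ssid_is_safe(const char *s)
{
    size_t n = 0;
    for (; s[n] != '\0'; n++) {
        if (n >= SSID_MAX) return 0;                 /* too long */
        unsigned char c = (unsigned char)s[n];
        if (!isprint(c) || strchr("'\"`\\$;|&<>", c) != NULL) return 0;
    }
    return n > 0;                                    /* empty is invalid too */
}

/* Interface names: lowercase letters and digits only, e.g. wlan0 or ath1. */
int iface_is_safe(const char *s)
{
    size_t n = 0;
    for (; s[n] != '\0'; n++) {
        if (n >= IFACE_MAX) return 0;
        unsigned char c = (unsigned char)s[n];
        if (!(islower(c) || isdigit(c))) return 0;
    }
    return n > 0;
}

/* The executor is injected so the hardened path can be exercised without
 * spawning processes; exec_argv below is the real one. */
typedef int (*exec_fn)(char *const argv[]);

/* fork + execvp: no shell ever sees the arguments, so even a value that
 * slipped past validation could not end the command or start another one. */
int exec_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Reject invalid input outright instead of trying to "clean" it. */
int set_ssid_hardened(const char *iface, const char *ssid, exec_fn run)
{
    if (!iface_is_safe(iface) || !ssid_is_safe(ssid)) return -1;
    char *argv[] = { WIFI_TOOL, "set-ssid", (char *)iface, (char *)ssid, NULL };
    return run(argv);
}

/* Test double: records the argv it was handed instead of executing it. */
char g_last_argv[8][SSID_MAX + 1];
int  g_last_argc;

int record_argv(char *const argv[])
{
    g_last_argc = 0;
    while (g_last_argc < 8 && argv[g_last_argc] != NULL) {
        snprintf(g_last_argv[g_last_argc], sizeof g_last_argv[0], "%s", argv[g_last_argc]);
        g_last_argc++;
    }
    return 0;
}

int main(void)
{
    const char *payload = "x'; touch /tmp/pwned; echo '";   /* constructed */
    char cmd[512];
    build_vuln_cmd(cmd, sizeof cmd, "wlan0", payload);
    printf("vulnerable path would run: %s\n", cmd);
    printf("hardened path, payload: %d (rejected)\n",
           set_ssid_hardened("wlan0", payload, record_argv));
    printf("hardened path, benign:  %d, argv[3]=%s\n",
           set_ssid_hardened("wlan0", "Office-WiFi_5G", record_argv), g_last_argv[3]);
    return 0;
}
```

The two fixes are independent and both are worth having: the allowlist stops hostile values at the boundary where the error can be reported to the user, and the argv-based exec removes the shell, so that the property "input cannot become a command" holds even if a later change to the validator loosens it.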

Weakness Enumeration

OS Command Injection (CWE-78)

Related Identifiers

BDU:2024-11181
CVE-2024-50369

Affected Products

Advantech EKI-6333AC-1GPO
Advantech EKI-6333AC-2G
Advantech EKI-6333AC-2GD