CVE-2024-50367

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A security issue was discovered in the "sta log htm" API of Advantech's EKI-6333AC devices, where multiple parameters are not properly sanitized before being used in OS-level commands. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "sta log htm" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "sta log htm" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using parameters that are not properly sanitized in the "sta log htm" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.