CVE-2024-50365

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A security issue was discovered in the "lan apply" API of Advantech's EKI-6333AC series devices, where multiple parameters are not properly sanitized before being used in OS-level commands. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "lan apply" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "lan apply" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the vulnerable parameters in the "lan apply" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.