CVE-2024-50360

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A security issue was discovered in the snmp apply API, where multiple parameters are not properly sanitized before being concatenated to OS level commands, allowing for OS command injection. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the snmp apply API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the snmp apply API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the vulnerable parameters in the snmp apply API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.