CVE-2024-50368

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A security issue was discovered in the "basic htm" API of Advantech's EKI-6333AC series devices. The problem arises from the improper sanitization of multiple parameters before they are concatenated to OS-level commands, allowing for OS command injection. This could potentially enable a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the "basic htm" API until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the "basic htm" API to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using parameters that are not properly sanitized in the "basic htm" API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.