PT-2024-9489 · Advantech · Advantech Eki-6333Ac-1Gpo+1
Diego Zaffaroni · Published 2024-11-26 · Updated 2025-09-01 · CVE-2024-50366
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Advantech EKI-6333AC-2G versions 1.6.3 and earlier
Advantech EKI-6333AC-2GD versions 1.6.3 and earlier
Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier
Description:
The issue exists due to the lack of neutralization of special elements used in an OS command. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability relies on multiple parameters belonging to the "applications apply" API, which are not properly sanitized before being concatenated to OS level commands.
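The following added example (not Advantech firmware code and not part of the original advisory) shows the defensive pattern for the flaw class described above: an allow-list check on an API parameter, then execution through an argument vector instead of a concatenated shell command string. The function names, the 63-character limit and the `echo` stand-in command are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list: 1..max_len chars of [A-Za-z0-9._-], no leading '-' so the
 * value cannot be read as an option by the program that receives it. */
int param_is_safe(const char *v, size_t max_len)
{
    size_t n = v ? strlen(v) : 0;
    if (n == 0 || n > max_len || v[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Execute argv directly (no /bin/sh), so shell metacharacters in an
 * argument are never interpreted. Returns exit status, -1 on failure. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);              /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Hypothetical handler step for one API parameter.
 * Pattern to avoid: snprintf(cmd, ..., "tool %s", value); system(cmd);
 * Here: reject anything off the allow-list, then pass one argv element. */
int apply_setting(const char *value)
{
    if (!param_is_safe(value, 63))
        return -2;               /* reject; do not try to "clean" input */
    char *const argv[] = { "echo", "--", (char *)value, NULL }; /* echo = stand-in */
    return run_argv(argv);
}
```

Rejecting out-of-policy values outright, rather than stripping characters from them, keeps the check auditable, and the argv call stays safe even if the allow-list is later widened.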
Recommendations:
For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, update to a version later than 1.6.3 to resolve the issue.
For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, update to a version later than 1.6.3 to resolve the issue.
For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, update to a version later than 1.2.1 to resolve the issue.
As a temporary workaround, consider restricting access to the "applications apply" API to minimize the risk of exploitation.
OS Command Injection
Affected Products
Advantech Eki-6333Ac-1Gpo
Advantech Eki-6333Ac-2G