A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
CPEs | cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
Metrics |
ssvc
|
Tue, 26 Nov 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published: 2024-11-26T10:53:51.367Z
Updated: 2024-11-26T14:47:24.692Z
Reserved: 2024-10-23T07:55:56.655Z
Link: CVE-2024-50361
Vulnrichment
Updated: 2024-11-26T14:10:38.830Z
NVD
Status : Received
Published: 2024-11-26T11:22:01.630
Modified: 2024-11-26T11:22:01.630
Link: CVE-2024-50361
Redhat
No data.