A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" API which are not properly sanitized before being concatenated to OS level commands.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
CPEs | cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
Metrics |
ssvc
|
Tue, 26 Nov 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" API which are not properly sanitized before being concatenated to OS level commands. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published: 2024-11-26T10:54:20.523Z
Updated: 2024-11-26T14:46:59.844Z
Reserved: 2024-10-23T07:55:56.655Z
Link: CVE-2024-50363
Vulnrichment
Updated: 2024-11-26T14:10:36.005Z
NVD
Status : Received
Published: 2024-11-26T11:22:02.530
Modified: 2024-11-26T11:22:02.530
Link: CVE-2024-50363
Redhat
No data.