A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
CPEs | cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
Metrics |
ssvc
|
Tue, 26 Nov 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published: 2024-11-26T10:54:43.728Z
Updated: 2024-11-26T14:46:21.281Z
Reserved: 2024-10-23T07:55:56.655Z
Link: CVE-2024-50365
Vulnrichment
Updated: 2024-11-26T14:10:33.420Z
NVD
Status : Received
Published: 2024-11-26T11:22:03.430
Modified: 2024-11-26T11:22:03.430
Link: CVE-2024-50365
Redhat
No data.