A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 08:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
CPEs | cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Advantech
Advantech eki-6333ac-1gpo Firmware Advantech eki-6333ac-2g Firmware Advantech eki-6333ac-2gd Firmware |
|
Metrics |
ssvc
|
Tue, 26 Nov 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published: 2024-11-26T10:54:55.541Z
Updated: 2024-11-26T14:19:26.822Z
Reserved: 2024-10-23T07:55:56.656Z
Link: CVE-2024-50366
Vulnrichment
Updated: 2024-11-26T14:10:32.118Z
NVD
Status : Received
Published: 2024-11-26T11:22:03.853
Modified: 2024-11-26T11:22:03.853
Link: CVE-2024-50366
Redhat
No data.