cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-50377,https://securityvulnerability.io/vulnerability/CVE-2024-50377,Hard-coded Credentials in Backup Configuration,"A CWE-798 ""Use of Hard-coded Credentials"" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:57:27.054Z,0
CVE-2024-50376,https://securityvulnerability.io/vulnerability/CVE-2024-50376,Rogue Wi-Fi Access Point Vulnerability Affects Advantech Devices,"A vulnerability categorized under CWE-79 involves improper neutralization of input during the web page generation, specifically affecting Advantech networking devices. This flaw permits an attacker to execute arbitrary scripts in the context of a user's session. Exploitation can occur remotely through a rogue Wi-Fi access point that presents a malicious SSID, potentially leading to unauthorized access and manipulation of sensitive information.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:57:14.296Z,0
CVE-2024-50375,https://securityvulnerability.io/vulnerability/CVE-2024-50375,"{""Advantech Devices Vulnerable to Missing Authentication Flaw"",""Advantech EKI-6333AC Devices at Risk of Exploitation""}","A significant security vulnerability exists within Advantech's EKI series access points that allows unauthorized remote users to exploit the default 'edgserver' service. This flaw manifests as a missing authentication for critical functions, affecting the EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO models with specific versions. The impact of this vulnerability can lead to unauthorized access and potential manipulation of network services without proper authentication, posing a risk to device integrity and security.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:57:03.468Z,0
CVE-2024-50374,https://securityvulnerability.io/vulnerability/CVE-2024-50374,Advantech EKI-6333AC-2G Vulnerable to OS Command Injection,"A vulnerability identified as improper neutralization of special elements used in an OS command, known as OS Command Injection, has been found in Advantech EKI access points. Remote unauthenticated users can exploit this flaw through the default 'edgserver' service enabled on the access points. Malicious commands executed via this attack can run with root privileges, posing significant security risks. The issue arises from how the 'capture_packages' operation processes input, allowing for unauthorized command execution and potentially compromising system integrity.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:56:28.680Z,0
CVE-2024-50373,https://securityvulnerability.io/vulnerability/CVE-2024-50373,Remote Code Execution Vulnerability in Advantech EKI-6333AC-2G Devices,"A vulnerability related to improper neutralization of special elements utilized in an OS command was identified in multiple Advantech EKI series devices. This vulnerability enables remote unauthenticated users to exploit the default 'edgserver' service on the affected devices, which processes commands with root privileges. The flaw is rooted in the code responsible for the 'restore_config_from_utility' function, exposing the affected devices to execution of malicious commands and potential unauthorized access to system controls.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:56:18.987Z,0
CVE-2024-50372,https://securityvulnerability.io/vulnerability/CVE-2024-50372,"{""Remotely Exploitable OS Command Injection Vulnerability Affects Advantech Devices""}","An OS Command Injection vulnerability exists in specific Advantech EKI series devices that allows remote unauthenticated users to execute malicious commands with root privileges. This security flaw affects devices running certain versions, specifically EKI-6333AC-2G (up to 1.6.3), EKI-6333AC-2GD (up to 1.6.3), and EKI-6333AC-1GPO (up to 1.2.1). The vulnerability arises from improper handling of elements used in OS command execution and is linked to the 'backup_config_to_utility' function within the default 'edgserver' service. As the service is accessible without authentication, attackers can exploit this weakness to gain control over the device.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:56:08.644Z,0
CVE-2024-50371,https://securityvulnerability.io/vulnerability/CVE-2024-50371,Advantech Devices Vulnerable to OS Command Injection,"A vulnerability has been identified that permits OS Command Injection in specific Advantech networking devices. This issue arises from improper neutralization of special elements, allowing remote unauthenticated users to exploit the default 'edgserver' service. The vulnerability enables attackers to execute malicious commands with root privileges, significantly compromising the security of the devices. The flaw is attributed to improper handling of code related to the 'wlan_scan' operation, which allows unauthorized access without any authentication mechanisms in place.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:55:58.526Z,0
CVE-2024-50370,https://securityvulnerability.io/vulnerability/CVE-2024-50370,"{""Vulnerability in Advantech Devices Could Allow Remote Root Access""}","A vulnerability has been identified in certain Advantech EKI series devices, stemming from improper neutralization of special elements utilized in operating system commands. This issue allows remote unauthenticated users to exploit the default 'edgserver' service enabled on these access points, executing malicious commands with root privileges. The root cause of this vulnerability lies in the processing of code associated with the 'cfg_cmd_set_eth_conf' operation. Devices impacted include EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO. No authentication is required to access the vulnerable service, heightening the risk of exploitation.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:55:45.151Z,0
CVE-2024-50369,https://securityvulnerability.io/vulnerability/CVE-2024-50369,OS Command Injection Vulnerability Affects Advantech Devices,"The vulnerability identified pertains to an improper neutralization of special elements utilized in OS commands, a class defined as CWE-78. It impacts specific Advantech networking devices, namely the EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, where multiple parameters from the 'multiple_ssid_htm' API are inadequately sanitized. This flaw allows potential attackers to execute arbitrary OS commands, posing serious security risks for affected devices.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:55:29.755Z,0
CVE-2024-50368,https://securityvulnerability.io/vulnerability/CVE-2024-50368,Improper Neutralization of Special Elements in OS Commands Affects Advantech Devices,"An OS command injection vulnerability has been identified in multiple Advantech EKI devices, resulting from inadequate sanitization of parameters in the 'basic_htm' API. This oversight allows attackers to manipulate OS-level commands through specially crafted input. Affected devices include EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, specifically versions less than or equal to 1.6.3 for the first two and less than or equal to 1.2.1 for the latter. Exploitation of this vulnerability enables malicious actors to execute arbitrary commands, potentially leading to unauthorized access and control over the vulnerable devices.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:55:16.384Z,0
CVE-2024-50367,https://securityvulnerability.io/vulnerability/CVE-2024-50367,OS Command Injection Vulnerability Affects Advantech Devices,"A vulnerability exists in certain Advantech network devices due to improper neutralization of special elements used in OS command execution. This flaw is rooted in the 'sta_log_htm' API, where multiple parameters are not adequately sanitized before being incorporated into OS-level commands. This oversight could enable attackers to execute arbitrary OS commands, potentially compromising the integrity and security of connected systems. The affected devices include EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, all of which are running versions below specified thresholds.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:55:06.118Z,0
CVE-2024-50366,https://securityvulnerability.io/vulnerability/CVE-2024-50366,OS Command Injection Vulnerability Affects Advantech Devices,"An OS command injection vulnerability exists in specific Advantech networking devices due to inadequate sanitization of input parameters within the applications_apply API. This oversight allows attackers to exploit unsanitized data and potentially execute arbitrary OS commands, compromising the security and functionality of the affected devices. The risk is present across multiple Advantech models, making it crucial for users to apply recommended security updates and patches to mitigate exposure.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:54:55.541Z,0
CVE-2024-50365,https://securityvulnerability.io/vulnerability/CVE-2024-50365,OS Command Injection Vulnerability in Advantech EKI-6333AC-2G Devices,"A vulnerability was identified in specific Advantech networking devices that allows OS command injection through the 'lan_apply' API. This vulnerability occurs due to the failure to properly sanitize multiple parameters before they are concatenated to OS-level commands, enabling attackers to execute arbitrary OS commands. Affected devices include EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, particularly those running versions prior to 1.6.3 and 1.2.1, respectively. Proper mitigation measures are essential to secure these devices from potential exploitation.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:54:43.728Z,0
CVE-2024-50364,https://securityvulnerability.io/vulnerability/CVE-2024-50364,OS Command Injection Vulnerability Affects Multiple Advantech Devices,"A security vulnerability has been identified in specific Advantech EKI series devices, stemming from improper handling of API parameters within the 'export_log' functionality. This oversight allows attackers to inject malicious commands into the operating system, potentially compromising the integrity and security of the affected systems. The flaw arises from the failure to adequately sanitize user inputs before integrating them into system-level commands. As a result, devices like EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO are at risk, highlighting the critical need for prompt updates and security measures to mitigate potential exploitation in operational environments.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:54:32.798Z,0
CVE-2024-50363,https://securityvulnerability.io/vulnerability/CVE-2024-50363,Improper Neutralization of Special Elements in OS Commands Affects Advantech Devices,"A vulnerability has been identified in select Advantech networking devices, linked to improper sanitization of parameters within the 'mp_apply' API. This flaw may allow attackers to inject malicious commands at the OS level, enabling unauthorized access or control over the affected systems. Devices EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO are specifically impacted by this issue. Users are advised to review their configurations and implement suggested mitigations to safeguard their network infrastructure.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:54:20.523Z,0
CVE-2024-50362,https://securityvulnerability.io/vulnerability/CVE-2024-50362,OS Command Injection Vulnerability Affects Advantech Devices,"The vulnerability results from an improper neutralization of special elements in OS commands. It affects multiple Advantech devices, where the connection_profile_apply API fails to sanitize user input correctly before passing it to OS level commands. This weakness could allow an attacker to manipulate command execution, potentially leading to unauthorized access and control over the affected devices.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:54:03.960Z,0
CVE-2024-50361,https://securityvulnerability.io/vulnerability/CVE-2024-50361,OS Command Injection Vulnerability Affects Advantech Devices,"An OS Command Injection vulnerability has been identified in several Advantech EKI devices. This security flaw arises from improper sanitization of multiple parameters within the 'certificate_file_remove' API, allowing attackers to manipulate OS-level commands. Devices affected by this vulnerability include the EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, particularly those running versions of firmware below the specified thresholds. This could facilitate unauthorized command execution, posing significant security risks to users and networks reliant on these systems.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:53:51.367Z,0
CVE-2024-50360,https://securityvulnerability.io/vulnerability/CVE-2024-50360,OS Command Injection Vulnerability Affects Advantech Devices,"A vulnerability exists in several networking devices manufactured by Advantech, specifically within the 'snmp_apply' API functionality. This issue arises from a failure to properly sanitize certain parameters before they are concatenated into operating system-level commands. As a result, attackers could exploit this vulnerability to execute arbitrary commands on the vulnerable devices. Affected models include the EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, all of which are susceptible to this flaw in specific versions.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:53:33.887Z,0
CVE-2024-50359,https://securityvulnerability.io/vulnerability/CVE-2024-50359,Advantech EKI-6333AC-2G Vulnerable to OS Command Injection,"A vulnerability related to improper neutralization of special elements used in OS commands has been identified in multiple Advantech EKI series devices. This flaw occurs due to inadequate sanitization of parameters associated with the 'scan_ap' API, enabling unauthorized OS command execution. The affected devices, including EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, may be at risk of exploitation if not properly secured. It is critical for users of these devices to review their security measures and apply necessary updates to mitigate potential risks.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:53:20.791Z,0
CVE-2024-50358,https://securityvulnerability.io/vulnerability/CVE-2024-50358,Advantech Devices Vulnerable to CWE-15 External Control of System or Configuration Setting Exploit,"This vulnerability allows authenticated users to exploit an external control issue in configuration settings for specific Advantech networking devices. By restoring a tampered configuration backup, malicious actors can alter system configurations, potentially leading to unauthorized changes in device behavior and posing a threat to network integrity. The affected models include EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO, all of which have versions that may be vulnerable. Proper security measures and prompt updates are recommended to mitigate risks associated with this issue.",Advantech,"Eki-6333ac-2g,Eki-6333ac-2gd,Eki-6333ac-1gpo",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T10:51:50.451Z,0