cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-50376,https://securityvulnerability.io/vulnerability/CVE-2024-50376,"Cross-Site Scripting via Rogue Wi-Fi Access Point SSID Affects Advantech EKI-6333AC Devices","A cross-site scripting vulnerability (CWE-79, improper neutralization of input during web page generation) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. A crafted SSID broadcast by a rogue Wi-Fi access point is rendered into the device's web interface without being neutralized, so an attacker within radio range, with no access to the network itself, can have arbitrary script execute in the browser session of a user who views that page and, with that user's privileges, read or change sensitive device settings.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.3,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:57:14.296Z,0
CVE-2024-50375,https://securityvulnerability.io/vulnerability/CVE-2024-50375,"Missing Authentication for Critical Function in Advantech EKI-6333AC 'edgserver' Service","The 'edgserver' service enabled by default on Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points exposes critical functions without any authentication (CWE-306) in the affected firmware versions. A remote unauthenticated user can invoke those functions directly and read or change the device's network configuration, compromising device integrity.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",9.8,CRITICAL,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:57:03.468Z,0
CVE-2024-50374,https://securityvulnerability.io/vulnerability/CVE-2024-50374,"OS Command Injection via 'capture_packages' in Advantech EKI-6333AC 'edgserver' Service","An OS command injection vulnerability (CWE-78) exists in the 'edgserver' service enabled by default on Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. Input to the 'capture_packages' operation is placed into an OS command without neutralizing shell metacharacters. The resulting commands run as root and the service requires no authentication, so a remote unauthenticated attacker can execute arbitrary commands as root and take full control of the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",9.8,CRITICAL,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:56:28.680Z,0
CVE-2024-50373,https://securityvulnerability.io/vulnerability/CVE-2024-50373,"OS Command Injection via 'restore_config_from_utility' in Advantech EKI-6333AC 'edgserver' Service","An OS command injection vulnerability (CWE-78) exists in the 'edgserver' service enabled by default on Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. The code behind the 'restore_config_from_utility' operation builds an OS command from untrusted input without neutralizing it. The service runs commands as root and requires no authentication, so a remote unauthenticated attacker can execute arbitrary commands as root.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",9.8,CRITICAL,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:56:18.987Z,0
CVE-2024-50372,https://securityvulnerability.io/vulnerability/CVE-2024-50372,"OS Command Injection via 'backup_config_to_utility' in Advantech EKI-6333AC 'edgserver' Service","An OS command injection vulnerability (CWE-78) exists in the 'edgserver' service enabled by default on Advantech EKI-6333AC-2G and EKI-6333AC-2GD (firmware up to and including 1.6.3) and EKI-6333AC-1GPO (firmware up to and including 1.2.1). The 'backup_config_to_utility' operation passes untrusted input into an OS command without neutralizing it. Because the service is reachable without authentication and runs commands as root, a remote unauthenticated attacker can execute arbitrary commands as root and take control of the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",9.8,CRITICAL,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:56:08.644Z,0
CVE-2024-50371,https://securityvulnerability.io/vulnerability/CVE-2024-50371,"OS Command Injection via 'wlan_scan' in Advantech EKI-6333AC 'edgserver' Service","An OS command injection vulnerability (CWE-78) exists in the 'edgserver' service enabled by default on Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. The code behind the 'wlan_scan' operation incorporates untrusted input into an OS command without neutralizing it. The service requires no authentication and runs commands as root, so a remote unauthenticated attacker can execute arbitrary commands as root.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",9.8,CRITICAL,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:55:58.526Z,0
CVE-2024-50370,https://securityvulnerability.io/vulnerability/CVE-2024-50370,"OS Command Injection via 'cfg_cmd_set_eth_conf' in Advantech EKI-6333AC 'edgserver' Service","An OS command injection vulnerability (CWE-78) exists in the 'edgserver' service enabled by default on Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. The code handling the 'cfg_cmd_set_eth_conf' operation builds an OS command from untrusted input without neutralizing it. No authentication is required to reach the service and its commands run as root, so a remote unauthenticated attacker can execute arbitrary commands as root.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",9.8,CRITICAL,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:55:45.151Z,0
CVE-2024-50369,https://securityvulnerability.io/vulnerability/CVE-2024-50369,"OS Command Injection in Advantech EKI-6333AC 'multiple_ssid_htm' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. Multiple parameters of the 'multiple_ssid_htm' web API are concatenated into OS-level commands without being sanitized, so an attacker able to submit requests to that API can execute arbitrary OS commands on the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:55:29.755Z,0
CVE-2024-50368,https://securityvulnerability.io/vulnerability/CVE-2024-50368,"OS Command Injection in Advantech EKI-6333AC 'basic_htm' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G and EKI-6333AC-2GD (firmware up to and including 1.6.3) and EKI-6333AC-1GPO (firmware up to and including 1.2.1). Parameters of the 'basic_htm' web API are concatenated into OS-level commands without being sanitized, so an attacker able to submit crafted requests to that API can execute arbitrary OS commands and gain control of the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:55:16.384Z,0
CVE-2024-50367,https://securityvulnerability.io/vulnerability/CVE-2024-50367,"OS Command Injection in Advantech EKI-6333AC 'sta_log_htm' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points in the affected firmware versions. Multiple parameters of the 'sta_log_htm' web API are not sanitized before being incorporated into OS-level commands, so an attacker able to submit requests to that API can execute arbitrary OS commands on the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:55:06.118Z,0
CVE-2024-50366,https://securityvulnerability.io/vulnerability/CVE-2024-50366,"OS Command Injection in Advantech EKI-6333AC 'applications_apply' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. Parameters of the 'applications_apply' web API are passed into OS-level commands without sanitization, so an attacker able to submit requests to that API can execute arbitrary OS commands on the device. Affected users should apply the vendor's firmware updates.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:54:55.541Z,0
CVE-2024-50365,https://securityvulnerability.io/vulnerability/CVE-2024-50365,"OS Command Injection in Advantech EKI-6333AC 'lan_apply' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G and EKI-6333AC-2GD (firmware up to and including 1.6.3) and EKI-6333AC-1GPO (firmware up to and including 1.2.1). Multiple parameters of the 'lan_apply' web API are concatenated into OS-level commands without being sanitized, so an attacker able to submit requests to that API can execute arbitrary OS commands on the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:54:43.728Z,0
CVE-2024-50364,https://securityvulnerability.io/vulnerability/CVE-2024-50364,"OS Command Injection in Advantech EKI-6333AC 'export_log' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. Parameters of the 'export_log' web API are incorporated into system-level commands without adequate sanitization, so an attacker able to submit requests to that API can inject and execute arbitrary OS commands. Because these devices are deployed in operational environments, prompt firmware updates are advised.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:54:32.798Z,0
CVE-2024-50363,https://securityvulnerability.io/vulnerability/CVE-2024-50363,"OS Command Injection in Advantech EKI-6333AC 'mp_apply' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. Parameters of the 'mp_apply' web API are not sanitized before being used in OS-level commands, so an attacker able to submit requests to that API can execute arbitrary OS commands and gain control of the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:54:20.523Z,0
CVE-2024-50362,https://securityvulnerability.io/vulnerability/CVE-2024-50362,"OS Command Injection in Advantech EKI-6333AC 'connection_profile_apply' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. The 'connection_profile_apply' web API fails to sanitize user input before passing it to OS-level commands, so an attacker able to submit requests to that API can execute arbitrary OS commands and gain control of the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:54:03.960Z,0
CVE-2024-50361,https://securityvulnerability.io/vulnerability/CVE-2024-50361,"OS Command Injection in Advantech EKI-6333AC 'certificate_file_remove' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points in the affected firmware versions. Multiple parameters of the 'certificate_file_remove' web API are not sanitized before being used in OS-level commands, so an attacker able to submit requests to that API can execute arbitrary OS commands on the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:53:51.367Z,0
CVE-2024-50360,https://securityvulnerability.io/vulnerability/CVE-2024-50360,"OS Command Injection in Advantech EKI-6333AC 'snmp_apply' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points in the affected firmware versions. Parameters of the 'snmp_apply' web API are concatenated into OS-level commands without being sanitized, so an attacker able to submit requests to that API can execute arbitrary OS commands on the device.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:53:33.887Z,0
CVE-2024-50359,https://securityvulnerability.io/vulnerability/CVE-2024-50359,"OS Command Injection in Advantech EKI-6333AC 'scan_ap' API","An OS command injection vulnerability (CWE-78) affects Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points. Parameters of the 'scan_ap' web API are not sanitized before being used in OS-level commands, so an attacker able to submit requests to that API can execute arbitrary OS commands on the device. Affected users should apply the vendor's firmware updates.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:53:20.791Z,0
CVE-2024-50358,https://securityvulnerability.io/vulnerability/CVE-2024-50358,"External Control of System or Configuration Setting (CWE-15) in Advantech EKI-6333AC Configuration Restore","Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO access points in the affected firmware versions allow external control of system or configuration settings (CWE-15). An authenticated user can restore a tampered configuration backup and the device applies the altered settings, so system configuration can be changed outside the intended interface, altering device behaviour and putting the network it serves at risk.",Advantech,"EKI-6333AC-2G,EKI-6333AC-2GD,EKI-6333AC-1GPO",7.2,HIGH,0.00043,false,,false,false,false,,,false,false,,2024-11-26T10:51:50.451Z,0
CVE-2023-52335,https://securityvulnerability.io/vulnerability/CVE-2023-52335,"Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability","The ConfigurationServlet in Advantech iView does not properly validate a user-supplied string before using it to construct SQL queries, allowing SQL injection. The servlet listens on TCP port 8080 by default and can be reached without authentication, so a remote attacker can disclose sensitive database contents, including stored credentials, and use them to compromise the system further.",Advantech,iView,7.5,HIGH,0.00255,false,,false,false,false,,,false,false,,2024-11-22T20:05:15.175Z,0
CVE-2024-28948,https://securityvulnerability.io/vulnerability/CVE-2024-28948,"Advantech ADAM-5630 Vulnerable to Cross-Site Request Forgery","The web interface of the Advantech ADAM-5630 does not verify that state-changing requests originate from the interface itself, making it vulnerable to cross-site request forgery (CSRF). If an authenticated user visits an attacker-controlled page, the browser submits the attacker's forged request together with the user's session cookies and the device performs the action with that user's privileges.",Advantech,ADAM-5630 Firmware,8.8,HIGH,0.00057,false,,false,false,false,,,false,false,,2024-09-27T18:15:00.000Z,0
CVE-2024-39275,https://securityvulnerability.io/vulnerability/CVE-2024-39275,"Session Replay Attack Can Bypass Privilege Token Validation in Advantech ADAM-5630","The Advantech ADAM-5630 does not invalidate session cookies when a session ends, so a cookie issued to an authenticated user remains valid after that user logs out. An attacker who has captured such a cookie can replay it to forge requests and perform actions with the privileges of the original user, undermining the confidentiality and integrity of the device.",Advantech,ADAM-5630 Firmware,8.8,HIGH,0.00089,false,,false,false,false,,,false,false,,2024-09-27T18:15:00.000Z,0
CVE-2023-5642,https://securityvulnerability.io/vulnerability/CVE-2023-5642,"Advantech R-SeeNet Unauthenticated Read/Write of snmpmon.ini","Advantech R-SeeNet 2.4.23 allows unauthenticated remote attackers to read from and write to the snmpmon.ini file. The file holds sensitive configuration data, so reading it exposes that information and writing to it lets an attacker alter the application's behaviour.",Advantech,R-SeeNet,9.8,CRITICAL,0.00466,false,,false,false,false,,,false,false,,2023-10-18T16:15:00.000Z,0
CVE-2023-4202,https://securityvulnerability.io/vulnerability/CVE-2023-4202,"Stored Cross-Site Scripting in Advantech EKI-1524/1522/1521 Device Name Field","Advantech EKI-1524, EKI-1522 and EKI-1521 devices running firmware up to 1.21 are vulnerable to stored cross-site scripting. An authenticated user can store a script in the device name field via the web interface; the script then executes in the browser of any user who views the device information page, allowing the attacker to act with that user's privileges and compromise data.",Advantech,"EKI-1524,EKI-1522,EKI-1521",9,CRITICAL,0.00085,false,,false,false,false,,,false,false,,2023-08-08T11:15:00.000Z,0
CVE-2023-4203,https://securityvulnerability.io/vulnerability/CVE-2023-4203,"Stored Cross-Site Scripting in Advantech EKI-1524/1522/1521 Ping Tool","Advantech EKI-1524, EKI-1522 and EKI-1521 devices running firmware up to 1.21 are vulnerable to stored cross-site scripting. An authenticated user can inject a script through the ping tool in the web interface; the stored script executes in the browsers of other users, compromising the confidentiality of their data and enabling actions in their name.",Advantech,"EKI-1524,EKI-1522,EKI-1521",9,CRITICAL,0.00085,false,,false,false,false,,,false,false,,2023-08-08T11:15:00.000Z,0
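The seventeen CWE-78 records above (the 'edgserver' operations and the 'multiple_ssid_htm' through 'scan_ap' web APIs) share one mechanism: a request parameter is concatenated into an OS command line and handed to a shell. The following is an added example, not Advantech firmware and not derived from it; it uses a hypothetical 'host' parameter fed to ping, as a web API like 'lan_apply' or 'scan_ap' might, and shows the vulnerable construction next to a hardened one that validates the value against an allowlist and executes without any shell. Function names are illustrative.

```c
/* Added example (not Advantech code): the command-construction pattern behind
 * the EKI-6333AC CWE-78 findings, alongside a hardened equivalent.
 * Hypothetical parameter and function names throughout. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* VULNERABLE: the request parameter is pasted into a shell command line.
 * Anything the shell treats specially (; | & ` $( ) newline) is honoured, so
 * host = "8.8.8.8; cat /etc/shadow" runs a second command as the service user
 * (root, in the edgserver cases). */
const char *build_ping_cmd_unsafe(const char *host)
{
    static char cmd[512];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host); /* would go to system()/popen() */
    return cmd;
}

/* HARDENED, step 1: allowlist what a hostname or IP literal may contain.
 * Reject rather than strip, and refuse a leading '-' so the value cannot be
 * parsed as an option by the program it is passed to (argument injection). */
int host_is_safe(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253 || host[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':'))
            return 0;
    }
    return 1;
}

/* HARDENED, step 2: build an argv and never involve a shell. The parameter
 * becomes exactly one argument to ping whatever characters it holds.
 * Returns NULL when validation fails. Static storage keeps the demo short;
 * real code would use caller-supplied buffers. */
char **build_ping_argv_safe(const char *host)
{
    static char host_copy[256];
    static char *argv[5];
    if (!host_is_safe(host))
        return NULL;
    snprintf(host_copy, sizeof host_copy, "%s", host);
    argv[0] = (char *)"ping";
    argv[1] = (char *)"-c";
    argv[2] = (char *)"1";
    argv[3] = host_copy;
    argv[4] = NULL;
    return argv;
}

/* Execute an argv directly (fork + execvp). No /bin/sh is spawned, so there is
 * no command line to inject into. Returns the child's exit status or -1. */
int exec_no_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *hostile = "8.8.8.8; cat /etc/shadow"; /* constructed payload */
    printf("unsafe command line: %s\n", build_ping_cmd_unsafe(hostile));
    printf("allowlist verdict  : %s\n", host_is_safe(hostile) ? "accepted" : "rejected");
    char **argv = build_ping_argv_safe("127.0.0.1");
    if (argv)
        printf("ping exit status   : %d\n", exec_no_shell(argv));
    return 0;
}
```

The allowlist is the first line of defence, but the argv/exec form is what removes the bug class: even if validation were later loosened, a metacharacter in one argument cannot become a second command. Note the leading-dash check; with `system()` gone, the remaining way to abuse a value is to make the target program read it as a flag.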
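CVE-2024-50376 (a rogue access point's SSID rendered into the EKI-6333AC web interface) and CVE-2023-4202/CVE-2023-4203 (device name field and ping tool on the EKI-1524/1522/1521) are the same CWE-79 sink: attacker-controlled text is written into an HTML page without being neutralized. The block below is an added example, not Advantech code, showing a row-rendering function in its vulnerable form and with an HTML escaper in front of it. The row layout and function names are hypothetical; the payload is constructed and kept under the 32-octet SSID limit, which is what makes the rogue-AP variant practical.

```c
/* Added example (not Advantech code): the CWE-79 sink behind the SSID and
 * device-name XSS records, and the escaping that closes it. Hypothetical
 * function names; the HTML row layout is illustrative. */
#include <stdio.h>
#include <string.h>

/* Escape the five characters that change meaning in HTML text and quoted
 * attribute content. Output is truncated rather than overrun if it would not
 * fit. This is an HTML-content escaper only; a value placed inside a <script>
 * block or a URL needs a different, context-specific encoding. */
const char *html_escape(const char *in)
{
    static char out[1024];
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        const char *rep;
        char one[2] = { in[i], '\0' };
        switch (in[i]) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t rlen = strlen(rep);
        if (o + rlen >= sizeof out) /* leave room for the terminator */
            break;
        memcpy(out + o, rep, rlen);
        o += rlen;
    }
    out[o] = '\0';
    return out;
}

/* VULNERABLE: the SSID (or device name, or ping target) is written straight
 * into the page. An SSID is just 1-32 octets chosen by whoever runs the
 * access point, so "<img src=x onerror=alert(1)>" (28 bytes) fits. */
const char *render_ssid_row_unsafe(const char *ssid)
{
    static char row[2048];
    snprintf(row, sizeof row, "<tr><td>%s</td></tr>", ssid);
    return row;
}

/* HARDENED: identical layout, but the untrusted value passes through the
 * escaper at the point where it enters the HTML. */
const char *render_ssid_row_safe(const char *ssid)
{
    static char row[2048];
    snprintf(row, sizeof row, "<tr><td>%s</td></tr>", html_escape(ssid));
    return row;
}

int main(void)
{
    const char *rogue_ssid = "<img src=x onerror=alert(1)>"; /* constructed, 28 octets */
    printf("unsafe: %s\n", render_ssid_row_unsafe(rogue_ssid));
    printf("safe  : %s\n", render_ssid_row_safe(rogue_ssid));
    return 0;
}
```

Escaping at the output sink, rather than filtering on input, is what covers all three records at once: the SSID is never "input" in the usual sense (it arrives over the air), and the device name and ping tool values are legitimately allowed to contain arbitrary text.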