CVE-2024-50367

CVSS V2 None CVSS V3 None
Description
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm" API which are not properly sanitized before being concatenated to OS level commands.
Overview
  • CVE ID
  • CVE-2024-50367
  • Assigner
  • Nozomi
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-26T10:55:06.118Z
  • Last Modified Date
  • 2024-11-26T15:37:10.967Z
History
Created Old Value New Value Data Type Notes
2024-11-27 13:35:16 Added to TrackCVE