Search This Blog

Powered by Blogger.

Blog Archive

Labels

Critical Vulnerabilities in Advantech EKI Devices Pose Severe Security Risks

An attack leveraging these flaws requires the malicious actor to be near the target device.

 

Nearly 20 security vulnerabilities have been identified in Advantech EKI industrial wireless access points. These flaws, some of which are critical, could allow attackers to bypass authentication and execute malicious code with elevated privileges.

"These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected devices," stated Nozomi Networks in its analysis on Wednesday.

The vulnerabilities have been patched in firmware versions 1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD) and 1.2.2 (for EKI-6333AC-1GPO) following responsible disclosure. Six of the 20 identified flaws were deemed critical, enabling attackers to plant backdoors, trigger denial-of-service (DoS) conditions, and turn compromised devices into Linux workstations for lateral network attacks.

Five critical flaws (CVE-2024-50370 through CVE-2024-50374) are linked to improper neutralization of special elements in OS commands. Another, CVE-2024-50375, relates to missing authentication for critical functions. Both have been assigned a CVSS score of 9.8, indicating their severity.

CVE-2024-50376, a cross-site scripting (XSS) vulnerability with a CVSS score of 7.3, could be exploited in tandem with CVE-2024-50359 (OS command injection, CVSS score: 7.2) to execute arbitrary code remotely.

An attack leveraging these flaws requires the malicious actor to be near the target device. By broadcasting specially crafted data via a rogue access point, attackers could exploit vulnerabilities when administrators access the "Wi-Fi Analyzer" section of the web application.

"One such piece of information an attacker could broadcast through its rogue access point is the SSID (commonly referred to as the 'Wi-Fi network name')," explained Nozomi Networks. "The attacker could therefore insert a JavaScript payload as SSID for its rogue access point and exploit CVE-2024-50376 to trigger a cross-site scripting (XSS) vulnerability inside the web application."

Successful exploitation results in arbitrary JavaScript execution in the victim’s browser, potentially leading to OS-level command injection with root privileges. This could enable attackers to establish a reverse shell for persistent remote access, compromising the entire network.

"This would enable attackers to gain remote control over the compromised device, execute commands, and further infiltrate the network, extracting data or deploying additional malicious scripts," Nozomi Networks emphasized.
Share it:

Advantech vulnerabilities

CVE-2024 exploits

Cyber Security

cybersecurity threats 2024

industrial wireless security

remote code execution risks