Critical severity9.8NVD Advisory· Published Nov 26, 2024· Updated Jun 17, 2026
CVE-2024-50371
CVE-2024-50371
Description
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<= 1.6.3, <= v1.6.3, <= v1.2.1+ 3 more
- (no CPE)range: <= 1.6.3, <= v1.6.3, <= v1.2.1
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50371nvdThird Party Advisory
News mentions
0No linked articles in our index yet.