cbcvebase.

Advantech Eki-6333Ac-1Gpo Firmware vulnerabilities

20 known vulnerabilities affecting advantech/eki-6333ac-1gpo_firmware.

Total CVEs
20
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH12MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-50375P2CRITICALCVSS 9.8fixed in 1.2.22024-11-26
CVE-2024-50375 [CRITICAL] CWE-78 CVE-2024-50375: A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devi A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enable
nvd
CVE-2024-50374P2CRITICALCVSS 9.8fixed in 1.2.22024-11-26
CVE-2024-50374 [CRITICAL] CWE-78 CVE-2024-50374: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interactin
nvd
CVE-2024-50370P2CRITICALCVSS 9.8fixed in 1.2.22024-11-26
CVE-2024-50370 [CRITICAL] CWE-78 CVE-2024-50370: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interactin
nvd
CVE-2024-50372P2CRITICALCVSS 9.8fixed in 1.2.22024-11-26
CVE-2024-50372 [CRITICAL] CWE-78 CVE-2024-50372: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interactin
nvd
CVE-2024-50373P2CRITICALCVSS 9.8fixed in 1.2.22024-11-26
CVE-2024-50373 [CRITICAL] CWE-78 CVE-2024-50373: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interactin
nvd
CVE-2024-50371P2CRITICALCVSS 9.8fixed in 1.2.22024-11-26
CVE-2024-50371 [CRITICAL] CWE-78 CVE-2024-50371: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interactin
nvd
CVE-2024-50359P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50359 [HIGH] CWE-78 CVE-2024-50359: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "scan_ap" API
nvd
CVE-2024-50366P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50366 [HIGH] CWE-78 CVE-2024-50366: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications
nvd
CVE-2024-50360P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50360 [HIGH] CWE-78 CVE-2024-50360: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "snmp_apply"
nvd
CVE-2024-50368P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50368 [HIGH] CWE-78 CVE-2024-50368: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "basic_htm" A
nvd
CVE-2024-50364P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50364 [HIGH] CWE-78 CVE-2024-50364: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "export_log"
nvd
CVE-2024-50369P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50369 [HIGH] CWE-78 CVE-2024-50369: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "multiple_ssi
nvd
CVE-2024-50365P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50365 [HIGH] CWE-78 CVE-2024-50365: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" A
nvd
CVE-2024-50362P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50362 [HIGH] CWE-78 CVE-2024-50362: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "connection_p
nvd
CVE-2024-50363P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50363 [HIGH] CWE-78 CVE-2024-50363: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" AP
nvd
CVE-2024-50367P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50367 [HIGH] CWE-78 CVE-2024-50367: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm"
nvd
CVE-2024-50361P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50361 [HIGH] CWE-78 CVE-2024-50361: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_
nvd
CVE-2024-50358P3HIGHCVSS 7.2fixed in 1.2.22024-11-26
CVE-2024-50358 [HIGH] CWE-15 CVE-2024-50358: A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the followin A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup.
nvd
CVE-2024-50377P4MEDIUMCVSS 6.5fixed in 1.2.22024-11-26
CVE-2024-50377 [MEDIUM] CWE-78 CVE-2024-50377: A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufacture A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.
nvd
CVE-2024-50376P4MEDIUMCVSS 5.2fixed in 1.2.22024-11-26
CVE-2024-50376 [MEDIUM] CWE-78 CVE-2024-50376: A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a maliciou
nvd