CVE-2024-50376

MEDIUM EPSS 36.1%
Published Nov 26, 20241y ago · Modified Jun 17, 20261w ago
5.2 CVSS 3.1
Medium
Find Similar
Published Nov 26, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID.

CVSS Details

Base Score
5.2
Exploitability
2.1
Impact
2.7
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
36.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-78 OS Command Injection Injection
CWE-79 Cross-site Scripting Injection

Affected Products 6

VendorProductVersionRange
advantecheki-6333ac-2g_firmware* <1.6.5
advantecheki-6333ac-2g*any
advantecheki-6333ac-2gd_firmware* <1.6.5
advantecheki-6333ac-2gd*any
advantecheki-6333ac-1gpo_firmware* <1.2.2
advantecheki-6333ac-1gpo*any

References 1

  • nozominetworks.com https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50376
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.