Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Avatar
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. “These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
[[{“value”:”

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.

“These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected devices,” cybersecurity company Nozomi Networks said in a Wednesday analysis.

Following responsible disclosure, the weaknesses have been addressed in the following firmware versions –

1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD)
1.2.2 (for EKI-6333AC-1GPO)

Six of the identified 20 vulnerabilities have been deemed critical, allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service (DoS) condition, and even repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.

Of the six critical flaws, five (from CVE-2024-50370 through CVE-2024-50374, CVSS scores: 9.8) relate to improper neutralization of special elements used in an operating system (OS) command, while CVE-2024-50375 (CVSS score: 9.8) concerns a case of missing authentication for a critical function.

Also of note is CVE-2024-50376 (CVSS score: 7.3), a cross-site scripting flaw that could be chained with CVE-2024-50359 (CVSS score: 7.2), another instance of OS command injection that would otherwise require authentication, to achieve arbitrary code execution over-the-air.

That said, in order for this attack to be successful, it requires the external malicious user to be in physical proximity to the Advantech access point and broadcast a rogue access point.

The attack gets activated when an administrator visits the “Wi-Fi Analyzer” section in the web application, causing the page to automatically embed information received through beacon frames broadcasted by the attacker without any sanitization checks.

“One such piece of information an attacker could broadcast through its rogue access point is the SSID (commonly referred to as the ‘Wi-Fi network name’),” Nozomi Networks said. “The attacker could therefore insert a JavaScript payload as SSID for its rogue access point and exploit CVE-2024-50376 to trigger a Cross-Site Scripting (XSS) vulnerability inside the web application.”

The result is the execution of arbitrary JavaScript code in the context of the victim’s web browser, which could then be combined with CVE-2024-50359 to achieve command injection at the OS level with root privileges. This could take the form of a reverse shell that provides persistent remote access to the threat actor.

“This would enable attackers to gain remote control over the compromised device, execute commands, and further infiltrate the network, extracting data or deploying additional malicious scripts,” the company said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Next Post

FUTURE AI SUMMIT MALAYSIA

Related Posts

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking users all over the
Avatar
Read More