Almost two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.
“These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected devices,” cybersecurity firm Nozomi Networks said in a Wednesday analysis.
Following responsible disclosure, the weaknesses have been addressed in the following firmware versions –
- 1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD)
- 1.2.2 (for EKI-6333AC-1GPO)
Six of the 20 identified vulnerabilities have been rated critical, allowing an attacker to gain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service (DoS) condition, and even repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.
Of the six critical flaws, five (CVE-2024-50370 through CVE-2024-50374, CVSS scores: 9.8) relate to improper neutralization of special elements used in an operating system (OS) command, while CVE-2024-50375 (CVSS score: 9.8) concerns a case of missing authentication for a critical function.
Also of note is CVE-2024-50376 (CVSS score: 7.3), a cross-site scripting flaw that could be chained with CVE-2024-50359 (CVSS score: 7.2), another instance of OS command injection that would otherwise require authentication, to achieve arbitrary code execution over the air.
That said, for this attack to succeed, the external malicious actor must be in physical proximity to the Advantech access point and broadcast specially crafted data from a rogue access point.
The attack is triggered when an administrator visits the “Wi-Fi Analyzer” section of the web application, causing the page to automatically embed information received via beacon frames broadcast by the attacker without any sanitization checks.
“One such piece of information an attacker could broadcast through its rogue access point is the SSID (commonly referred to as the ‘Wi-Fi network name’),” Nozomi Networks stated. “The attacker could therefore insert a JavaScript payload as SSID for its rogue access point and exploit CVE-2024-50376 to trigger a cross-site scripting (XSS) vulnerability inside the web application.”
The result is the execution of arbitrary JavaScript code in the context of the victim’s web browser, which can then be combined with CVE-2024-50359 to achieve command injection at the OS level with root privileges. This could take the form of a reverse shell that provides persistent remote access to the threat actor.
“This would enable attackers to gain remote control over the compromised device, execute commands, and further infiltrate the network, extracting data or deploying additional malicious scripts,” the company said.