Sunday, December 8, 2024

Critical Security Vulnerabilities Found in Advantech Industrial Wi-Fi Access Points – Immediate Updates Urged

A total of 20 security flaws, including six rated as critical, have been uncovered in Advantech’s EKI industrial-grade Wi-Fi access points, with the potential to allow attackers to bypass authentication, execute remote code, and fully compromise affected devices.

“These vulnerabilities pose serious threats, including unauthorized remote code execution with root privileges, jeopardizing the confidentiality, integrity, and availability of the devices,” cybersecurity firm Nozomi Networks stated in a recent analysis.

Affected Devices and Fixed Firmware Versions

The flaws have been patched in the following firmware versions:

  • Version 1.6.5 for EKI-6333AC-2G and EKI-6333AC-2GD
  • Version 1.2.2 for EKI-6333AC-1GPO

The Scope of the Threats

Six critical vulnerabilities are of particular concern, enabling attackers to gain persistent access, plant backdoors, launch denial-of-service (DoS) attacks, and transform compromised endpoints into Linux workstations for lateral movement within a network.

Five of these critical vulnerabilities (CVE-2024-50370 to CVE-2024-50374, CVSS scores: 9.8) involve improper neutralization of OS command elements. The sixth, CVE-2024-50375 (CVSS score: 9.8), relates to missing authentication for a critical function.

Additionally, CVE-2024-50376 (CVSS score: 7.3), a cross-site scripting (XSS) vulnerability, can be chained with CVE-2024-50359 (CVSS score: 7.2), an authenticated OS command injection flaw, to achieve over-the-air arbitrary code execution.

Attack Vectors and Exploitation Details

An attack requires the adversary to be near the Advantech device and set up a rogue access point. The vulnerability is triggered when an administrator visits the “Wi-Fi Analyzer” section of the device’s web application. Malicious data embedded in beacon frames from the rogue access point is processed without proper sanitization, allowing attackers to exploit CVE-2024-50376.

By broadcasting a malicious SSID containing a JavaScript payload, attackers can execute XSS attacks, which could escalate into OS-level command injection (CVE-2024-50359), granting root access to the device. This could lead to the creation of reverse shells, providing the attacker with persistent control and the ability to infiltrate networks, extract sensitive data, and deploy further malware.

Immediate Action Required

Administrators are strongly advised to update their devices to the latest firmware versions to mitigate these risks. Failing to do so leaves networks vulnerable to severe attacks capable of compromising device functionality and broader network security.

Aiden Thomas
Aiden Thomas
Aiden Thomas is a tech enthusiast and expert, writing comprehensive articles on a wide range of technology topics. From the latest gadgets and software innovations to in-depth reviews and industry trends, Aiden's content keeps readers informed and ahead of the curve. His passion for technology shines through in his clear and engaging writing, making complex tech accessible to everyone.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular