Full Report
Customers of Advantech’s EKI-6333AC-2G industrial-grade wireless access point have been urged to update their devices to new firmware versions
Analysis Summary
# Vulnerability: Critical RCE Flaws in Advantech EKI-6333AC Industrial Wireless Access Points
## CVE Details
- CVE ID: CVE-2024-50370, CVE-2024-50371, CVE-2024-50372, CVE-2024-50373, CVE-2024-50374, CVE-2024-50375
- CVSS Score: 9.8 (Critical) for the six critical flaws.
- CWE: Multiple (Including CWE-78: Improper Neutralization of Special Elements used in an OS Command, and Missing Authentication for Critical Function). *Note: Specific CWEs are extrapolated from technical description.*
## Affected Systems
- Products: Advantech EKI-6333AC industrial-grade wireless access point series.
- Versions: EKI-6333AC-2G running firmware v1.6.2.
- Configurations: Applicable to devices used in critical sectors like manufacturing, energy, and public infrastructure.
## Vulnerability Description
Twenty vulnerabilities were discovered, with six being critical, enabling Remote Code Execution (RCE) with root privileges. Five CVEs (CVE-2024-50370 through CVE-2024-50374) stem from improper neutralization of special elements used in OS commands. One critical vulnerability (CVE-2024-50375) relates to a missing authentication for a critical function. Successful exploitation leads to full compromise of the device's confidentiality, integrity, and availability.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but PoC exists implicitly via the described attack vectors.
- Complexity: Medium to Low, depending on the attack vector.
- Attack Vector: Network (LAN/WAN) and Wireless (Over-the-air proximity required).
## Impact
- Confidentiality: High (Root access allows data theft/exfiltration).
- Integrity: High (Root access allows full configuration modification and persistent access).
- Availability: High (Root access allows for device disruption).
## Remediation
### Patches
Vendors have released new firmware versions to address these vulnerabilities:
- EKI-6333AC-2G: Upgrade to v1.6.5
- EKI-6333AC-2GD: Upgrade to v1.6.5
- EKI-6333AC-1GPO: Upgrade to v1.2.2
### Workarounds
No specific workarounds are detailed in the summary, but network segmentation and strict access control to the management interface should be considered temporary controls.
## Detection
- Indicators of Compromise: Unauthorized persistent access, unusual network traffic originating from the AP, or unexpected changes to device configuration.
- Detection methods and tools: Network traffic analysis looking for anomalous OS command injection attempts or authentication bypass attempts targeting the management interface. Monitoring for beacon frames attempts to leverage the "Wi-Fi Analyzer" section (if reachable by unauthorized users).
## References
- Vendor Advisories: Advantech (implied by patch release).
- Relevant links:
- hxxps://www.infosecurity-magazine.com/news/critical-vulnerabilities/
- hxxps://www.infosecurity-magazine.com/news/new-citrix-zeroday-vulnerability/
- hxxps://www.infosecurity-magazine.com/news/manufacturing-critical/
- hxxps://www.infosecurity-magazine.com/news/us-energy-vulnerable-supply-chain/
- hxxps://www.infosecurity-magazine.com/news/cisa-critical-vulnerabilities-ics/