CVE-2024-50376

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-78
View all →

Vulnerability Description

A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID.

Related Vulnerabilities

CVE-2019-18934

HIGH
CVSS:7.3(High)

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was ...

CWE-782019

CVE-2020-28426

HIGH
CVSS:7.3(High)

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

CWE-782020

CVE-2020-7778

HIGH
CVSS:7.3(High)

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

CWE-782020

CVE-2021-23380

HIGH
CVSS:7.3(High)

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec...

CWE-782021

CVE-2021-33633

HIGH
CVSS:7.3(High)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated wit...

CWE-782021

CVE-2021-43266

HIGH
CVSS:7.3(High)

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 2...

CWE-782021