Introduction

Researchers have identified nearly twenty vulnerabilities in the Advantech EKI-6333AC-2G industrial-grade wireless access point [1] [5], with several classified as critical [1] [5]. These vulnerabilities pose significant risks, including unauthenticated remote code execution and full compromise of the device.

Description

Researchers have disclosed nearly twenty vulnerabilities in the Advantech EKI-6333AC-2G industrial-grade wireless access point [1] [5], each associated with a unique CVE identifier. Among these, six vulnerabilities are classified as critical, with a CVSS score of 9.8 [1] [5], allowing unauthenticated remote code execution (RCE) with root privileges [1] [3] [4] [5]. This compromises the confidentiality [1] [3] [4] [5], integrity [1] [2] [3] [4] [5], and availability of the device [1] [3] [4] [5]. The critical vulnerabilities include CVE-2024-50370, CVE-2024-50371 [1] [2] [3] [4] [5], CVE-2024-50372 [1] [2] [3] [4] [5], CVE-2024-50373 [1] [2] [3] [4] [5], CVE-2024-50374 [1] [2] [3] [4] [5], and CVE-2024-50375 [1] [2] [3] [4] [5]. The first five vulnerabilities relate to improper neutralization of special elements in operating system commands [1] [5], while CVE-2024-50375 pertains to missing authentication for critical functions [1] [5].

Attackers can exploit these vulnerabilities through two primary vectors: direct interaction over the network (LAN/WAN) and over-the-air attacks. In the latter scenario, an attacker must be in close physical proximity to the access point and can execute code on the device without ever joining the network; all that is required is broadcasting beacon frames from a rogue access point under their control [5]. The attack is triggered when an administrator opens the “Wi-Fi Analyzer” section of the Advantech web application [1] [4], which lets the attacker inject a JavaScript payload via the SSID carried in those beacons [4]. This leads to the execution of arbitrary JavaScript code in the victim’s browser [4], which in turn enables command injection at the OS level with root privileges [4] and potentially a reverse shell for persistent remote access [4].

Additionally, a specific attack scenario involves chaining vulnerabilities [3], such as CVE-2024-50376, a Cross-Site Scripting (CWE-79) vulnerability with a CVSS score of 7.3, which can be exploited without network access [3], and CVE-2024-50359 [1] [2] [3] [4] [5], an OS command injection (CWE-78) vulnerability with a CVSS score of 7.2 that typically requires authentication. Successful exploitation of these vulnerabilities can lead to persistent access to internal resources, data theft [1] [5], Denial of Service (DoS) [3], and lateral movement within the network [3].
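The over-the-air scenario and the CVE-2024-50376 / CVE-2024-50359 chain both hinge on the same defect: an SSID taken from a beacon frame, which anyone in radio range controls, is treated as trusted text when the Wi-Fi Analyzer page is rendered. The following Python is an added illustration of that failure mode and its fix; it is not Advantech's code and says nothing about how the EKI firmware is actually built. The sample beacons are constructed, and the function names, the 32-octet length check, the printability filter and the logging hook are assumptions of this example rather than anything the advisories describe.

```python
import html
import logging
from typing import Iterable

# Constructed sample beacons as (raw SSID octets, RSSI in dBm); not captured from any device.
SAMPLE_BEACONS = [
    (b"PlantFloor-AP", -41),
    (b"<script>alert(1)</script>", -55),  # constructed hostile SSID carrying HTML markup
    (b"Guest\x00\x1b[31m", -70),          # constructed SSID with NUL and terminal-escape bytes
    (b"A" * 33, -80),                     # constructed over-length SSID
]

MAX_SSID_OCTETS = 32  # IEEE 802.11 caps an SSID at 32 octets; longer values are malformed

log = logging.getLogger("wifi-analyzer")


def render_row_unsafe(ssid: str, rssi: int) -> str:
    """The pattern to avoid: attacker-controlled SSID text concatenated straight into HTML."""
    return f"<tr><td>{ssid}</td><td>{rssi}</td></tr>"


def decode_ssid(raw: bytes) -> str:
    """SSIDs are arbitrary octets; decode leniently so undecodable bytes become U+FFFD."""
    return raw.decode("utf-8", errors="replace")


def ssid_is_well_formed(raw: bytes) -> bool:
    """Input validation applied before an SSID reaches the UI or any other consumer:
    enforce the protocol length limit and reject control characters."""
    if len(raw) > MAX_SSID_OCTETS:
        return False
    return all(ch.isprintable() for ch in decode_ssid(raw))


def ssid_is_suspicious(text: str) -> bool:
    """Detection hook: markup metacharacters have no business in an ordinary SSID,
    so their presence in a scan result is worth logging for the defender."""
    return any(ch in text for ch in "<>\"'&")


def render_row(raw: bytes, rssi: int) -> str:
    """Hardened rendering: every SSID character is HTML-escaped (quotes included, so the
    value is safe inside attributes too) and the RSSI is coerced to an integer."""
    text = decode_ssid(raw)
    if ssid_is_suspicious(text):
        log.warning("beacon SSID contains markup characters: %r", text)
    return f"<tr><td>{html.escape(text, quote=True)}</td><td>{int(rssi)}</td></tr>"


def render_scan_table(beacons: Iterable[tuple]) -> str:
    """Build the scan table, dropping malformed beacons and escaping the rest."""
    rows = [render_row(raw, rssi) for raw, rssi in beacons if ssid_is_well_formed(raw)]
    return "<table>" + "".join(rows) + "</table>"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    hostile = decode_ssid(SAMPLE_BEACONS[1][0])
    print("unsafe:", render_row_unsafe(hostile, -55))   # markup survives intact
    print("safe:  ", render_scan_table(SAMPLE_BEACONS))  # markup neutralized, bad beacons dropped
```

Running the block shows the difference directly: the unsafe renderer emits the script tag verbatim, while the hardened table contains only `&lt;script&gt;...` and has silently dropped the control-byte and over-length beacons. The warning log line is the point of `ssid_is_suspicious`: a beacon whose SSID contains markup characters is a low-cost, high-signal indicator that someone in radio range is probing a management interface, and it is cheap to forward to a SIEM.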

In response to these vulnerabilities [3], Advantech has released firmware updates: version 1.6.5 for the EKI-6333AC-2G and EKI-6333AC-2GD [3], and version 1.2.2 for the EKI-6333AC-1GPO [3]. Users are strongly encouraged to upgrade to these versions to mitigate the risks of unauthorized access and enhance the security of their devices.

Conclusion

The discovery of these vulnerabilities highlights the critical need for robust security measures in industrial-grade wireless access points. The potential impacts include unauthorized access, data breaches, and network disruptions [5]. Advantech’s release of firmware updates is a crucial step in mitigating these risks. Users must promptly apply these updates to safeguard their systems. Moving forward, continuous monitoring and timely patching will be essential to protect against emerging threats and ensure the integrity of industrial network environments.

References

[1] https://www.infosecurity-magazine.com/news/critical-vulnerabilities/
[2] https://www.techidee.nl/meer-dan-twintig-fouten-geidentificeerd-in-industriele-wi-fi-toegangspunten-van-advantech-zo-snel-mogelijk-patchen/16970/
[3] https://www.scoop.co.nz/stories/SC2411/S00049/over-the-air-vulnerabilities-discovered-in-advantech-eki-access-points.htm
[4] https://www.ihash.eu/2024/11/over-two-dozen-flaws-identified-in-advantech-industrial-wi-fi-access-points-patch-asap/
[5] https://osintcorp.net/critical-vulnerabilities-uncovered-in-industrial-wireless-access-point/