Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nov 28, 2024Ravie LakshmananIoT Security / Vulnerability

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.

“These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected devices,” cybersecurity company Nozomi Networks said in a Wednesday analysis.

Following responsible disclosure, the weaknesses have been addressed in the following firmware versions –

• 1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD)
• 1.2.2 (for EKI-6333AC-1GPO)

Six of the identified 20 vulnerabilities have been deemed critical, allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service (DoS) condition, and even repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.

Of the six critical flaws, five (from CVE-2024-50370 through CVE-2024-50374, CVSS scores: 9.8) relate to improper neutralization of special elements used in an operating system (OS) command, while CVE-2024-50375 (CVSS score: 9.8) concerns a case of missing authentication for a critical function.

Also of note is CVE-2024-50376 (CVSS score: 7.3), a cross-site scripting flaw that could be chained with CVE-2024-50359 (CVSS score: 7.2), another instance of OS command injection that would otherwise require authentication, to achieve arbitrary code execution over-the-air.

That said, in order for this attack to be successful, it requires the external malicious user to be in physical proximity to the Advantech access point and broadcast a rogue access point.

The attack gets activated when an administrator visits the “Wi-Fi Analyzer” section in the web application, causing the page to automatically embed information received through beacon frames broadcasted by the attacker without any sanitization checks.

“One such piece of information an attacker could broadcast through its rogue access point is the SSID (commonly referred to as the ‘Wi-Fi network name’),” Nozomi Networks said. “The attacker could therefore insert a JavaScript payload as SSID for its rogue access point and exploit CVE-2024-50376 to trigger a Cross-Site Scripting (XSS) vulnerability inside the web application.”

The result is the execution of arbitrary JavaScript code in the context of the victim’s web browser, which could then be combined with CVE-2024-50359 to achieve command injection at the OS level with root privileges. This could take the form of a reverse shell that provides persistent remote access to the threat actor.

“This would enable attackers to gain remote control over the compromised device, execute commands, and further infiltrate the network, extracting data or deploying additional malicious scripts,” the company said.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!