CVE-2024-50377

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50377
A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50377 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*
History

23 Jan 2026, 18:01

Type Values Removed Values Added
CPE cpe:2.3:h:advantech:eki-6333ac-1gpo:-:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-6333ac-1gpo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-6333ac-2g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-6333ac-2g:-:*:*:*:*:*:*:*
cpe:2.3:o:advantech:eki-6333ac-2gd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:advantech:eki-6333ac-2gd:-:*:*:*:*:*:*:*
References () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50377 - () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50377 - Third Party Advisory
CWE CWE-798
Summary
  • (es) Se descubrió una vulnerabilidad CWE-798 "Uso de credenciales codificadas de forma rígida" que afecta a los siguientes dispositivos fabricados por Advantech: EKI-6333AC-2G (&lt;= 1.6.3), EKI-6333AC-2GD (&lt;= v1.6.3) y EKI-6333AC-1GPO (&lt;= v1.2.1). La vulnerabilidad está asociada a la funcionalidad de configuración de copias de seguridad que, de forma predeterminada, cifra los archivos mediante una contraseña estática.
First Time Advantech eki-6333ac-1gpo
Advantech eki-6333ac-2g Firmware
Advantech
Advantech eki-6333ac-1gpo Firmware
Advantech eki-6333ac-2g
Advantech eki-6333ac-2gd Firmware
Advantech eki-6333ac-2gd

26 Nov 2024, 11:22

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-26 11:22

Updated : 2026-01-23 18:01

NVD link : CVE-2024-50377

Mitre link : CVE-2024-50377

CVE.ORG link : CVE-2024-50377

JSON object : View

Products Affected

advantech

  • eki-6333ac-2g
  • eki-6333ac-2gd
  • eki-6333ac-2gd_firmware
  • eki-6333ac-1gpo
  • eki-6333ac-2g_firmware
  • eki-6333ac-1gpo_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-798

Use of Hard-coded Credentials