Blog Details

  • Home
  • Blog
  • Critical Vulnerabilities in Advantech EKI Access Points Allow Remote Code Execution
Critical Vulnerabilities in Advantech EKI Access Points Allow Remote Code Execution

Critical Vulnerabilities in Advantech EKI Access Points Allow Remote Code Execution

Cybersecurity researchers have uncovered nearly two dozen vulnerabilities in Advantech EKI industrial-grade wireless access points, posing serious risks to the confidentiality, integrity, and availability of affected devices. These flaws, some rated critical, enable attackers to bypass authentication and execute code with root privileges, potentially leading to full device compromise.

According to Nozomi Networks, the vulnerabilities have been responsibly disclosed and addressed in the following firmware updates:

1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD)

1.2.2 (for EKI-6333AC-1GPO)

The Critical Flaws

Among the 20 vulnerabilities identified, six are deemed critical, with CVSS scores of 9.8, allowing attackers to:

  1. Implant backdoors for persistent access.
  2. Trigger denial-of-service (DoS) conditions.
  3. Repurpose compromised devices as Linux workstations, facilitating lateral movement and deeper network infiltration.

Breakdown of Critical Vulnerabilities:

  1. CVE-2024-50370 to CVE-2024-50374: Improper neutralization of special elements used in OS commands.
  2. CVE-2024-50375: Missing authentication for critical functions.

Additionally, a notable vulnerability, CVE-2024-50376 (CVSS score: 7.3), enables cross-site scripting (XSS) attacks. When chained with CVE-2024-50359 (CVSS score: 7.2, OS command injection requiring authentication), it can lead to arbitrary code execution with root privileges.

Attack Vector and Exploitation

The vulnerabilities exploit Wi-Fi access point functionality:

  1. An attacker must be in physical proximity to the target Advantech device and operate a rogue access point broadcasting malicious data.
  2. The attack activates when an administrator visits the Wi-Fi Analyzer section of the web application. The rogue access point injects a JavaScript payload via its SSID, exploiting CVE-2024-50376 to execute XSS attacks.
  3. This XSS attack can escalate to OS-level command injection using CVE-2024-50359, granting root access.

Impact:

  1. Remote control of the compromised device.
  2. Deployment of malicious scripts for further infiltration.
  3. Potential creation of a reverse shell for persistent access.

Mitigation Measures

To safeguard against these vulnerabilities:

  1. Apply Firmware Updates: Upgrade to firmware versions 1.6.5 or 1.2.2 as applicable.
  2. Secure Network Configurations: Restrict physical access to devices and isolate sensitive network segments.
  3. Monitor Access Points: Regularly review logs and configurations to detect rogue access points.
  4. Web Application Security: Use web browsers with strict security settings to prevent XSS exploitation.
  5. Train Administrators: Educate personnel on identifying potential rogue access points and suspicious activity.

The discovery of these vulnerabilities in Advantech EKI wireless access points highlights the critical need for robust security in industrial IoT devices. By addressing these flaws promptly and adopting proactive measures, organizations can mitigate risks and protect their networks from potential breaches.

 

© 2016 - 2024 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067