2024-11-26 10:53:51
Nozomi
PUBLISHED
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands.