Critical Alert: 26 Security Flaws Found in Advantech Industrial Wi-Fi Systems – Immediate Patching Required

Critical Alert: 26 Security Flaws Found in Advantech Industrial Wi-Fi Systems - Immediate Patching Required

Critical Security Alert: Multiple Vulnerabilities Found in Advantech EKI Access Points

Security researchers have uncovered 20 significant vulnerabilities affecting Advantech EKI industrial wireless access points, with six classified as critical. These flaws pose substantial risks to industrial networks and require immediate attention.

Vulnerability Overview
The most severe issues include five critical OS command vulnerabilities (CVE-2024-50370 through CVE-2024-50374) and an authentication bypass flaw (CVE-2024-50375), all carrying a CVSS score of 9.8. These vulnerabilities could enable attackers to install backdoors, gain unauthorized access, and compromise system integrity.

Attack Scenario
A particularly concerning attack vector combines cross-site scripting (CVE-2024-50376) with command injection (CVE-2024-50359). While requiring physical proximity, attackers can:
– Broadcast a malicious access point
– Target administrators viewing the “Wi-Fi Analyzer” section
– Execute remote code with root privileges

Affected Devices and Solutions
Patches are available through firmware updates:
– EKI-6333AC-2G and EKI-6333AC-2GD: Update to version 1.6.5
– EKI-6333AC-1GPO: Update to version 1.2.2

Security Implications
These vulnerabilities could lead to:
– Complete system compromise
– Unauthorized network access
– Data theft
– Malicious code deployment

Organizations using affected devices should immediately update to the latest firmware version to mitigate these security risks.

Share This Article