A CWE-78 "Improper Neutralization of Special Elements...
High severity
Unreviewed
Published
Nov 26, 2024
to the GitHub Advisory Database
•
Updated Nov 26, 2024
Description
Published by the National Vulnerability Database
Nov 26, 2024
Published to the GitHub Advisory Database
Nov 26, 2024
Last updated
Nov 26, 2024
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands.
References