CVE-2024-50365

7.2 HIGH

📋 TL;DR

This OS command injection vulnerability in Advantech EKI-6333 series industrial switches allows attackers to execute arbitrary commands on affected devices by exploiting unsanitized parameters in the lan_apply API. Organizations using these switches in industrial control systems or network infrastructure are affected. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • Advantech EKI-6333AC-2G
  • Advantech EKI-6333AC-2GD
  • Advantech EKI-6333AC-1GPO
Versions: EKI-6333AC-2G <= v1.6.3, EKI-6333AC-2GD <= v1.6.3, EKI-6333AC-1GPO <= v1.2.1
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All affected versions in default configuration are vulnerable. Devices must have web interface or API access enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device takeover leading to network disruption, lateral movement to other systems, and potential compromise of industrial control systems.

🟠 Likely Case

Unauthorized command execution allowing configuration changes, data exfiltration, or device disruption.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the lan_apply API endpoint. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Advantech security advisory for specific fixed versions

Vendor Advisory: https://www.advantech.com/support

Restart Required: Yes

Instructions:

1. Check current firmware version using web interface or CLI
2. Download latest firmware from Advantech support portal
3. Upload firmware via web interface
4. Apply update and restart device
5. Verify update was successful

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate affected devices in separate VLANs with strict firewall rules

Access Control (platform: linux)

Restrict access to device management interfaces to trusted IP addresses only. In the rules below, trusted_ip is a placeholder for the management host or subnet; the ACCEPT rules must stay ahead of the DROP rules because iptables evaluates the INPUT chain in order.

# allow HTTP/HTTPS management only from the trusted source (trusted_ip is a placeholder)
iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
# drop management traffic from every other source
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Disable web interface and API access if not required
  • Implement strict network segmentation and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface at System > Firmware or via CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Confirm that the installed firmware version is newer than the affected versions listed above for that model, and, on a test device, confirm that the lan_apply API no longer interprets shell metacharacters in its parameters.
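The version check above is easy to get wrong when done by hand or with string comparison (for example, "1.10.0" sorts before "1.6.3" as text). The following script is an added example, not from the advisory or from Advantech: it parses a firmware version string and compares it numerically against the affected ceilings listed on this page. The model names and ceilings come from the page; the accepted input formats ("1.6.3", "v1.6.3", "Firmware 1.6.3") and the inventory record layout are assumptions made for the example.

```python
"""Added example: decide whether an Advantech EKI-6333 firmware version is
within the range CVE-2024-50365 lists as affected.

The models and ceilings are those given in the advisory. How Advantech formats
version strings is an assumption; the parser accepts '1.6.3', 'v1.6.3' or
'Firmware 1.6.3' style strings."""
import re

# Highest affected firmware version per model, as listed in the advisory.
AFFECTED_MAX = {
    "EKI-6333AC-2G": (1, 6, 3),
    "EKI-6333AC-2GD": (1, 6, 3),
    "EKI-6333AC-1GPO": (1, 2, 1),
}


def parse_version(text: str) -> tuple:
    """Turn 'v1.6.3', '1.6.3' or 'Firmware 1.10.0' into a tuple of ints.

    Tuples compare element-wise, so (1, 10, 0) > (1, 6, 3); plain string
    comparison would rank '1.10.0' below '1.6.3' and miss a patched device."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(model: str, version: str) -> bool:
    """True when the model is covered by the advisory and the firmware is at
    or below the affected ceiling for that model."""
    ceiling = AFFECTED_MAX.get(model.strip().upper())
    if ceiling is None:
        return False  # model not covered by this advisory
    return parse_version(version) <= ceiling


def classify_inventory(devices):
    """devices: iterable of (hostname, model, version) records, e.g. exported
    from an asset inventory (assumed layout). Returns hostnames still needing
    the firmware update."""
    return [host for host, model, ver in devices if is_affected(model, ver)]


if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    inventory = [
        ("sw-plant-01", "EKI-6333AC-2G", "v1.6.3"),
        ("sw-plant-02", "EKI-6333AC-2G", "1.6.4"),
        ("sw-yard-01", "EKI-6333AC-1GPO", "Firmware 1.2.1"),
        ("sw-yard-02", "EKI-6333AC-1GPO", "v1.10.0"),
        ("sw-lab-01", "EKI-6333AC-2GD", "1.5.9"),
    ]
    for host in classify_inventory(inventory):
        print(f"{host}: affected firmware, schedule update")
```

Feed it the output of `show version` (or the System > Firmware page) for each switch; anything it reports as affected should be scheduled for the firmware update in the Fix section.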

📡 Detection & Monitoring

Log Indicators:

  • Unusual API calls to lan_apply endpoint
  • Suspicious command execution in system logs
  • Multiple failed authentication attempts

Network Indicators:

  • Unusual traffic patterns to device management ports
  • Unexpected outbound connections from device

SIEM Query:

source="advantech-switch" AND (uri="*lan_apply*" OR command="*;*" OR command="*|*" OR command="*`*")
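The SIEM query above is written in a generic search syntax; the script below is an added example, not part of the advisory, that applies the same log indicators (requests to the lan_apply endpoint, shell metacharacters in their parameters) to web-access log lines so the logic can be tested offline before it is turned into a SIEM rule. The log line layout, the /cgi-bin/lan_apply path and the sample entries are all constructed for the example; the real switch's log format and endpoint path must be confirmed against an actual device.

```python
"""Added example: flag lan_apply requests in constructed access-log lines,
escalating when the request parameters carry shell metacharacters.

Assumptions: the log layout (client - user [time] "METHOD URI PROTO" status
size "params") and the /cgi-bin/lan_apply path are invented for this example."""
import re
from urllib.parse import unquote_plus

# Characters that should never appear in a LAN IP/netmask parameter. ';' '|' '`'
# are the ones the page's SIEM query lists; '$(' '&&' and newline belong to the
# same class and are included here.
META_RE = re.compile(r"[;|`]|\$\(|&&|\n")

LINE_RE = re.compile(
    r'^(?P<src>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \d+ '
    r'"(?P<params>[^"]*)"$'
)


def classify(line: str):
    """Return None for lines not worth flagging, otherwise a finding dict
    with a severity and reason that a SIEM rule can act on."""
    m = LINE_RE.match(line)
    if not m or "lan_apply" not in m.group("uri"):
        return None
    # Decode %3B, '+' and friends first so encoded metacharacters are not missed.
    params = unquote_plus(m.group("params"))
    hit = META_RE.search(params)
    if hit:
        return {"severity": "high", "src": m.group("src"), "user": m.group("user"),
                "reason": f"shell metacharacter {hit.group()!r} in lan_apply parameters"}
    # A well-formed lan_apply call is still a configuration change; keep it on record.
    return {"severity": "info", "src": m.group("src"), "user": m.group("user"),
            "reason": "lan_apply configuration change"}


def scan(lines):
    """Yield (line number, finding) for every flagged line."""
    for n, line in enumerate(lines, start=1):
        finding = classify(line.rstrip("\n"))
        if finding:
            yield n, finding


# Constructed sample log lines, not captured from a real device.
SAMPLE_LOG = [
    '192.168.10.5 - admin [12/Nov/2024:10:00:41 +0000] "GET /index.html HTTP/1.1" 200 512 "-"',
    '192.168.10.5 - admin [12/Nov/2024:10:01:02 +0000] "POST /cgi-bin/lan_apply HTTP/1.1" 200 123 '
    '"ip=192.168.10.20&mask=255.255.255.0"',
    '192.168.10.77 - admin [12/Nov/2024:10:02:15 +0000] "POST /cgi-bin/lan_apply HTTP/1.1" 200 123 '
    '"ip=192.168.10.20%3B+true&mask=255.255.255.0"',
    '192.168.10.77 - - [12/Nov/2024:10:02:16 +0000] "GET /cgi-bin/lan_apply HTTP/1.1" 200 123 '
    '"ip=10.0.0.1|true"',
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(f"line {n}: {f['severity'].upper()} from {f['src']} as {f['user']}: {f['reason']}")
```

The "info" findings give a baseline of legitimate configuration changes, so a "high" finding from an unfamiliar source address, or several in a short window, is what an alert should key on.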
