Critical Vulnerabilities Uncovered in Industrial Wireless Access Point
Researchers have discovered 20 vulnerabilities in a wireless access point commonly used in industrial environments, six of which are critical.
An analysis by Nozomi Networks Labs of version 1.6.2 of Advantech’s EKI-6333AC-2G industrial-grade wireless access point found that these vulnerabilities pose significant risks, including remote code execution (RCE) with root privileges.
Each of the vulnerabilities has been assigned a unique CVE identifier.
EKI-6333AC-2G is designed to provide stable, dual-band Wi-Fi connectivity across challenging industrial environments such as automobile assembly lines and warehousing and distribution operations within logistics.
It is utilized in critical sectors including manufacturing, energy and public infrastructure.
Customers have been urged to upgrade their devices to new firmware versions released by Advantech to address these vulnerabilities:
- EKI-6333AC-2G: v1.6.5
- EKI-6333AC-2GD: v1.6.5
- EKI-6333AC-1GPO: v1.2.2
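One way to check a device inventory against the fixed firmware versions listed above, as an added example that is not from Advantech or Nozomi Networks. It assumes any version below the listed fix needs the upgrade; the CSV column names and hostnames are constructed for illustration.

```python
import csv
import io
import re

# Fixed firmware versions as listed in the article.
FIXED = {
    "EKI-6333AC-2G": (1, 6, 5),
    "EKI-6333AC-2GD": (1, 6, 5),
    "EKI-6333AC-1GPO": (1, 2, 2),
}

def parse_version(text):
    """Turn 'v1.6.2' or '1.6.2' into (1, 6, 2); return None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def pad(version, length):
    """Right-pad with zeros so 'v1.2' compares as 1.2.0."""
    return version + (0,) * (length - len(version))

def classify(model, firmware):
    """Return 'upgrade', 'ok', or 'review' for one device."""
    fixed = FIXED.get(model.strip().upper())
    current = parse_version(firmware)
    if fixed is None or current is None:
        return "review"  # unknown model or unreadable version: check by hand
    width = max(len(fixed), len(current))
    return "ok" if pad(current, width) >= pad(fixed, width) else "upgrade"

def audit(inventory_csv):
    """Yield (host, model, firmware, status) for each inventory row."""
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        yield (row["host"], row["model"], row["firmware"],
               classify(row["model"], row["firmware"]))

# Constructed sample inventory (hostnames and column names are assumptions).
SAMPLE = """host,model,firmware
ap-line1,EKI-6333AC-2G,v1.6.2
ap-line2,EKI-6333AC-2GD,1.6.5
ap-dock3,eki-6333ac-1gpo,v1.2
ap-yard4,EKI-6333AC-2G,unknown
"""

if __name__ == "__main__":
    for host, model, fw, status in audit(SAMPLE):
        print(f"{host:10} {model:16} {fw:8} {status}")
```

Rows marked "review" have a model or version string the script could not interpret and should be checked by hand rather than assumed safe.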
Critical Vulnerabilities Can Result in Device Compromise
Six of the discovered vulnerabilities have been evaluated as critical and have been given a CVSS score of 9.8.
They have been identified as critical because they can lead to RCE with root privileges over the access point, thereby fully compromising the confidentiality, integrity and availability of the affected devices.
CVE-2024-50370, CVE-2024-50371, CVE-2024-50372, CVE-2024-50373 and CVE-2024-50374 relate to improper neutralization of special elements used in an operating system (OS) command.
CVE-2024-50375 relates to missing authentication for a critical function.
The researchers identified two possible attack vectors arising from the six critical vulnerabilities.
The first can take place when the attackers are able to interact directly with the access point over the network (LAN/WAN), enabling them to craft malicious requests that target the vulnerable service.
The second scenario occurs over the air, where an attacker does not need to be connected to the victim’s wired (LAN/WAN) or wireless (WLAN) network. Here, they can exploit the wireless spectrum to execute code on the device simply by being in close physical proximity to it.
Attackers must be close enough to broadcast beacon frames from a “Rogue Wireless Access Point,” a fake access point that is fully controlled by the attacker and separate from the Advantech one. Beacon frames are used to synchronize the network and convey important information about the network’s capabilities.
For such an over-the-air attack to occur, the attackers must also have administrator-level user access to the “Wi-Fi Analyzer” section of the Advantech web application.
This can be obtained by either gaining a victim’s credentials through phishing and social engineering attempts or by simply waiting for an administrator to visit the vulnerable web page as may happen during regular maintenance activity.
Using either of these attack techniques, attackers can carry out a number of activities in the network, including persistent access, data theft and disruption.