Critical Vulnerabilities Discovered in Advantech Wireless Access Points Pose Serious Security Risks
Recent research has uncovered 20 significant vulnerabilities in Advantech’s EKI-6333AC-2G industrial-grade wireless access points, equipment widely utilized in critical infrastructure sectors. The discovered flaws could enable attackers to execute remote code and initiate denial-of-service attacks, raising alarms about the potential risks to vital services and operational systems.
The researchers from Nozomi Networks Labs reported the vulnerabilities on November 29, 2024. They highlighted that these security issues could allow attackers to execute commands with root privileges without requiring authentication. Such capabilities pose a severe threat, particularly in environments where unimpeded connectivity is crucial, such as manufacturing plants and energy facilities.
The vulnerabilities were confirmed in firmware version 1.6.2. In response, Advantech has issued firmware updates to address the issues, specifically version 1.6.5 for both the EKI-6333AC-2G and EKI-6333AC-2GD models, and version 1.2.2 for the EKI-6333AC-1GPO model.
Advantech designed the EKI-6333AC-2G access point to function under challenging environmental conditions, emphasizing dual-band Wi-Fi connectivity essential for industrial automation. The company notes the importance of secure and stable wireless communications in mission-critical applications, detailing how disruptions could have dire consequences for operations reliant on continuous connectivity.
The vulnerabilities discovered could pose significant risks, as access to the devices requires either local area network (LAN) or wide area network (WAN) access or physical proximity. The researchers explained that successfully exploiting these vulnerabilities could allow attackers to gain direct access to the device, enabling lateral movement within enterprise networks and even facilitating denial-of-service attacks.
The identified vulnerabilities include several command injection flaws, such as CVE-2024-50370 through CVE-2024-50374, each assigned a critical CVSS score of 9.8. These flaws can be exploited remotely, presenting a method for attackers to gain full control over the affected devices. Additionally, another critical weakness, CVE-2024-50375, pertains to absent authentication measures for essential functions, ranked similarly in severity.
Research also indicated that the vulnerabilities extend to over-the-air attack vectors. For example, attackers could combine exploits like CVE-2024-50376 and CVE-2024-50359 to deploy malicious payloads via rogue wireless access points.
Experts recommend that all users of Advantech’s wireless access points promptly install the latest firmware updates and thoroughly reassess their security configurations. As businesses continue to navigate an evolving landscape of cybersecurity threats, understanding the MITRE ATT&CK framework may assist in recognizing potential adversary tactics, such as initial access, privilege escalation, and persistence, thereby enhancing their ability to mitigate such risks within their infrastructures effectively.
