CVE-2024-39364 MEDIUM

CVE-2024-39364: Advantech ADAM-5630 Missing Authentication for Critical Function

Vendor Advantech
Product ADAM-5630
Weakness CWE-306 · Missing auth
Published September 27, 2024
Last update September 27, 2024

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

What the vulnerability does

01 Description

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent via a simple HTTP request and are executed by the device automatically, regardless of the origin or privilege level of the user sending them.

Key dates

02 Disclosure timeline

September 27, 2024 CVE published
September 27, 2024 Record updated