MidnightBSD

Advisories for engeniustech

CVE-2019-11353 HIGH

The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
engeniustech ews660ap_firmware 2.0.284
CVE-2024-11651 MEDIUM

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been classified as critical. Affected is an unknown function of the file /admin/network/wifi_schedule. The manipulation of the argument wifi_schedule_day_em_5 leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11652 MEDIUM

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sn_package/sn_https. The manipulation of the argument https_enable leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11653 MEDIUM

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_traceroute. The manipulation of the argument diag_traceroute leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11654 MEDIUM

A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This affects an unknown part of the file /admin/network/diag_traceroute6. The manipulation of the argument diag_traceroute6 leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11655 MEDIUM

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This vulnerability affects unknown code of the file /admin/network/diag_pinginterface. The manipulation of the argument diag_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11656 MEDIUM

A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This issue affects some unknown processing of the file /admin/network/diag_ping6. The manipulation of the argument diag_ping6 leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11657 MEDIUM

A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Affected is an unknown function of the file /admin/network/diag_nslookup. The manipulation of the argument diag_nslookup leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11658 MEDIUM

A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/network/ajax_getChannelList. The manipulation of the argument countryCode leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-11659 MEDIUM

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_iperf. The manipulation of the argument iperf leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-77,CWE-77,

Products Affected

Vendor Product Version
engeniustech enh1350ext_firmware *
engeniustech ens500-ac_firmware *
engeniustech ens620ext_firmware *
CVE-2024-31975

EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.

Products Affected

Vendor Product Version
engeniustech ews356-fit_firmware *
CVE-2024-31976

EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
engeniustech ews356-fir_firmware *
CVE-2024-36061

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.

Products Affected

Vendor Product Version
engeniustech ews356-fit_firmware *
CVE-2025-28371

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
engeniustech enh500_firmware 3.7.22
CVE-2025-34035

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
engeniustech esr1750_firmware 1.3.1.34
engeniustech esr300_firmware 1.4.7
engeniustech esr1750_firmware 1.3.0
engeniustech esr1200_firmware 1.1.0
engeniustech epg5000_firmware 1.3.3.17
engeniustech esr350_firmware 1.4.0
engeniustech esr1200_firmware 1.4.1
engeniustech esr1200_firmware 1.4.3
engeniustech esr900_firmware 1.1.0
engeniustech esr600_firmware 1.3.1.63
engeniustech esr900_firmware 1.4.3
engeniustech esr600_firmware 1.4.3
engeniustech esr600_firmware 1.4.2
engeniustech esr1750_firmware 1.2.2.27
engeniustech esr900_firmware 1.4.0
engeniustech esr300_firmware 1.4.1.28
engeniustech esr900_firmware 1.3.1.26
engeniustech esr900_firmware 1.3.0
engeniustech esr600_firmware 1.4.0.23
engeniustech esr350_firmware 1.4.2
engeniustech esr1200_firmware 1.3.1.34
engeniustech esr600_firmware 1.1.0.50
engeniustech esr1750_firmware 1.4.5
engeniustech epg5000_firmware 1.3.7.20
engeniustech esr600_firmware 1.4.11
engeniustech esr1750_firmware 1.4.3
engeniustech epg5000_firmware 1.3.9.21
engeniustech esr350_firmware 1.4.11
engeniustech esr600_firmware 1.4.5
engeniustech esr350_firmware 1.3.1.41
engeniustech esr350_firmware 1.4.9
engeniustech esr350_firmware 1.4.5
engeniustech esr1750_firmware 1.4.1
engeniustech esr600_firmware 1.4.9
engeniustech esr1750_firmware 1.1.0
engeniustech esr300_firmware 1.4.2
engeniustech epg5000_firmware 1.3.0
engeniustech esr600_firmware 1.4.1
engeniustech esr900_firmware 1.3.5.18
engeniustech esr600_firmware 1.2.1.46
engeniustech epg5000_firmware 1.3.2
engeniustech esr900_firmware 1.2.2.23
engeniustech epg5000_firmware 1.2.0
engeniustech esr300_firmware 1.3.1.42
engeniustech esr300_firmware 1.4.0
engeniustech esr300_firmware 1.4.9
engeniustech esr900_firmware 1.4.5
engeniustech esr300_firmware 1.1.0.28
engeniustech esr350_firmware 1.1.0.29
engeniustech epg5000_firmware 1.3.3
engeniustech esr1750_firmware 1.4.0
engeniustech esr1200_firmware 1.4.5