Command Injection Vulnerability in EnGenius Devices (CVE-2024-1118)
CVE-2024-11651

7.2HIGH

Key Information:

Vendor: EnGenius
Status: Enh1350ext Firmware
Vendor: CVE Published:; 25 November 2024

What is CVE-2024-11651?

A command injection vulnerability exists within the wifi_schedule functionality of EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT devices up to version 20241118. The vulnerability arises from improper validation of input parameters associated with the wifi_schedule_day_em_5 argument. Attackers can exploit this vulnerability remotely, potentially allowing them to execute arbitrary commands on the affected devices. Despite the discovery of this exploit and attempts to contact the vendor for resolution, no response has been received, raising concerns about the security of users relying on these products.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://k9u7kv33ub.feishu.cn/wiki/XIepwv7goiCcYxk5QAgc8Q2...

https://vuldb.com/?ctiid.285972

https://vuldb.com/?id.285972

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2024

JSON

EnGenius

What is CVE-2024-11651?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.