Command Injection Vulnerability in EnGenius Networking Devices
CVE-2024-11652

7.2HIGH

Key Information:

Vendor: EnGenius
Status: Enh1350ext Firmware
Vendor: CVE Published:; 25 November 2024

What is CVE-2024-11652?

A critical vulnerability has been identified in EnGenius networking devices, specifically in the ENH1350EXT, ENS500-AC, and ENS620EXT models, impacting versions released up to November 18, 2024. The vulnerability lies in an insecure functionality found within the administrative file /admin/sn_package/sn_https. An attacker can exploit this flaw by manipulating the 'https_enable' argument, which may lead to command injection. This exploitation can be conducted remotely, posing a significant threat to network integrity and security. Despite early notifications sent to EnGenius regarding this vulnerability, there has been no response, highlighting the urgency for users to assess their security measures and mitigate potential risks associated with this disclosure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://k9u7kv33ub.feishu.cn/wiki/Rf7wwXMpQiJkp8kp4pmcZb2...

https://vuldb.com/?ctiid.285973

https://vuldb.com/?id.285973

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2024

JSON

EnGenius

What is CVE-2024-11652?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.