OS Command Injection Vulnerability in EnGenius ENH1350EXT Devices

CVE-2024-45242

What is CVE-2024-45242?

The EnGenius ENH1350EXT devices, up to firmware version 3.9.3.2_c1.9.51, are susceptible to an OS Command Injection vulnerability. During their initial setup, these devices create an unsecured Wi-Fi network, using default administrator credentials that are typically set to 'admin/admin'. This oversight allows an attacker within range to exploit this unsecured network. By using crafted shell metacharacters in the Ping or Speed Test utility, the attacker can gain unauthorized access and execute arbitrary OS commands at the root level, posing a significant security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References