Submit #446641: EnGenius ENS500-AC 3.7.20 Command Injectioninfo

TitleEnGenius ENS500-AC 3.7.20 Command Injection
DescriptionEngenius multiple devices /admin/network/ajax_getChannelList interface has a command injection vulnerability, after the user logs in to the device, the countryCode parameters command injection, the final system can successfully execute the command, can directly obtain system permissions
Source⚠️ https://k9u7kv33ub.feishu.cn/wiki/VyKHwBhydiyeuDkATo9cFZTDnHb
User
 liutong (UID 76264)
Submission11/18/2024 02:27 PM (2 months ago)
Moderation11/24/2024 04:14 PM (6 days later)
StatusAccepted
VulDB Entry285979 [EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 ajax_getChannelList countryCode command injection]
Points18

Do you want to use VulDB in your project?

Use the official API to access entries easily!