| शीर्षक | EnGenius ENS500 3.7.20 Command Injection |
|---|
| विवरण | There is a command injection vulnerability in the Engenius routing device /admin/network/wifi_schedule interface. After the user logs in to the device, command injection is performed on parameters such as wifi_schedule_day_em_5, and the system can successfully execute commands, which can directly obtain system permissions. This affects all versions, including the latest firmware version. |
|---|
| स्रोत | ⚠️ https://k9u7kv33ub.feishu.cn/wiki/XIepwv7goiCcYxk5QAgc8Q2LnMc?from=from_copylink |
|---|
| उपयोगकर्ता | liutong (UID 76264) |
|---|
| सबमिशन | 18/11/2024 02:17 PM (1 वर्ष पहले) |
|---|
| संयम | 24/11/2024 04:14 PM (6 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 285972 [EnGenius ENH1350EXT/ENS500-AC/ENS620EXT तक 20241118 wifi_schedule wifi_schedule_day_em_5 अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|