Invia #446637: EnGenius ENS500-AC 3.7.20 Command Injectioninformazioni

Titolo	EnGenius ENS500-AC 3.7.20 Command Injection
Descrizione	Engenius full range of routing devices /admin/network/diag_traceroute6 interface has a command injection vulnerability, after the user logs in to the device, the diag_traceroute6 parameter command injection, the final system can successfully execute the command, can directly obtain system permissions.
Fonte	⚠️ https://k9u7kv33ub.feishu.cn/wiki/YrKfwHqLjijPeYkMTQfcdhrBnyg?from=from_copylink
Utente	liutong (UID 76264)
Sottomissione	18/11/2024 14:22 (2 anni fa)
Moderazione	24/11/2024 16:14 (6 days later)
Stato	Accettato
Voce VulDB	285975 [EnGenius ENH1350EXT/ENS500-AC/ENS620EXT fino a 20241118 diag_traceroute6 escalationi di privilegi]
Punti	18

Might our Artificial Intelligence support you?

Check our Alexa App!