Submit #446623: EnGenius ENS500 3.7.20 Command Injectioninfo

TitleEnGenius ENS500 3.7.20 Command Injection
DescriptionThere is a command injection vulnerability in the Engenius routing device /admin/network/wifi_schedule interface. After the user logs in to the device, command injection is performed on parameters such as wifi_schedule_day_em_5, and the system can successfully execute commands, which can directly obtain system permissions. This affects all versions, including the latest firmware version.
Source⚠️ https://k9u7kv33ub.feishu.cn/wiki/XIepwv7goiCcYxk5QAgc8Q2LnMc?from=from_copylink
User
 liutong (UID 76264)
Submission11/18/2024 14:17 (1 Year ago)
Moderation11/24/2024 16:14 (6 days later)
StatusAccepted
VulDB entry285972 [EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 wifi_schedule wifi_schedule_day_em_5 command injection]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!