Submit #446640: EnGenius ENS500-AC 3.7.20 Command Injectioninfo

Title	EnGenius ENS500-AC 3.7.20 Command Injection
Description	Engenius multiple devices /admin/network/diag_nslookup interface has a command injection vulnerability, after the user logs in to the device, the diag_nslookup parameters command injection, the final system can successfully execute the command, can directly obtain system permissions.
Source	⚠️ https://k9u7kv33ub.feishu.cn/wiki/RURswTkepiuKCzkGMd2cA1M2nNc
User	liutong (UID 76264)
Submission	11/18/2024 14:26 (2 years ago)
Moderation	11/24/2024 16:14 (6 days later)
Status	Accepted
VulDB entry	285978 [EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 diag_nslookup command injection]
Points	18

Might our Artificial Intelligence support you?

Check our Alexa App!