| tiêu đề | EnGenius ENS500 3.7.20 Command Injection |
|---|
| Mô tả | There is a command injection vulnerability in the Engenius routing device /admin/network/wifi_schedule interface. After the user logs in to the device, command injection is performed on parameters such as wifi_schedule_day_em_5, and the system can successfully execute commands, which can directly obtain system permissions. This affects all versions, including the latest firmware version. |
|---|
| Nguồn | ⚠️ https://k9u7kv33ub.feishu.cn/wiki/XIepwv7goiCcYxk5QAgc8Q2LnMc?from=from_copylink |
|---|
| Người dùng | liutong (UID 76264) |
|---|
| Đệ trình | 18/11/2024 14:17 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 24/11/2024 16:14 (6 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 285972 [EnGenius ENH1350EXT/ENS500-AC/ENS620EXT đến 20241118 wifi_schedule wifi_schedule_day_em_5 nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|