CVE-2024-11652

Name of the Vulnerable Software and Affected Versions EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118

Description A critical vulnerability affects an unknown functionality of the file /admin/sn package/sn https. The manipulation of the argument https enable leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118, update to the latest firmware and apply all recommended patches to safeguard your systems. As a temporary workaround, consider restricting access to the /admin/sn package/sn https file until a patch is available. Avoid using the argument https enable in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.