CVE-2024-11653

Name of the Vulnerable Software and Affected Versions EnGenius ENH1350EXT versions up to 20241118 EnGenius ENS500-AC versions up to 20241118 EnGenius ENS620EXT versions up to 20241118

Description A critical issue affects some unknown functionality of the file /admin/network/diag traceroute. The manipulation of the diag traceroute argument leads to command injection. This issue can be exploited remotely. The exploit has been disclosed publicly, and the vendor was contacted but did not respond.

Recommendations For EnGenius ENH1350EXT versions up to 20241118, consider disabling access to the /admin/network/diag traceroute file until a patch is available. For EnGenius ENS500-AC versions up to 20241118, restrict the use of the diag traceroute argument in the /admin/network/diag traceroute file to minimize the risk of exploitation. For EnGenius ENS620EXT versions up to 20241118, avoid using the diag traceroute argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.