CVE-2024-11657

Name of the Vulnerable Software and Affected Versions EnGenius ENH1350EXT versions up to 20241118 EnGenius ENS500-AC versions up to 20241118 EnGenius ENS620EXT versions up to 20241118

Description A critical issue was found in the affected devices, allowing for command injection through the manipulation of the diag nslookup argument in the /admin/network/diag nslookup file. This can be exploited remotely. The issue has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations For EnGenius ENH1350EXT versions up to 20241118, consider disabling access to the /admin/network/diag nslookup file until a patch is available. For EnGenius ENS500-AC versions up to 20241118, restrict the use of the diag nslookup argument in the affected file to minimize the risk of exploitation. For EnGenius ENS620EXT versions up to 20241118, avoid using the /admin/network/diag nslookup file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.