CVE-2024-11659

Name of the Vulnerable Software and Affected Versions EnGenius ENH1350EXT versions up to 20241118 EnGenius ENS500-AC versions up to 20241118 EnGenius ENS620EXT versions up to 20241118

Description A critical issue affects some unknown functionality of the file /admin/network/diag iperf. The manipulation of the iperf argument leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For EnGenius ENH1350EXT versions up to 20241118, consider disabling access to the /admin/network/diag iperf file until a patch is available. For EnGenius ENS500-AC versions up to 20241118, consider disabling access to the /admin/network/diag iperf file until a patch is available. For EnGenius ENS620EXT versions up to 20241118, consider disabling access to the /admin/network/diag iperf file until a patch is available. As a temporary workaround, consider restricting the use of the iperf argument in the affected file until a patch is available.