CVE-2024-36060

Name of the Vulnerable Software and Affected Versions EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0

Description The issue allows blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. This can potentially be exploited to execute unauthorized commands on the device.

Recommendations For EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0, as a temporary workaround, consider restricting access to the Ping and Speed Test features until a patch is available. Avoid using shell metacharacters in these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.