PT-2024-31500 · Engenius · Engenius Enh1350Ext

Edward Warren · Published 2024-10-24 · Updated 2026-01-06 · CVE-2024-45242

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2 c1.9.51

Description

The issue allows for OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During initial setup, the device creates an open unsecured network with default admin panel credentials of admin/admin. An attacker in proximity to the Wi-Fi network can exploit this to execute arbitrary OS commands with root-level permissions.

Recommendations

For EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2 c1.9.51, consider changing the default admin credentials immediately after setup and restricting access to the Ping or Speed Test utility until a patch is available. As a temporary workaround, avoid using the device's default credentials and ensure the admin panel is secured as soon as possible after initial setup.

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-45242

Affected Products: Engenius Enh1350Ext