CVE-2019-11353 — CRITICAL (9.8)

Vulnerability Description

The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Engeniustech	Ews660Ap Firmware	2.0.284
Engeniustech	Ews660Ap	-

Related Weaknesses (CWE)

CWE-78

References

https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660apExploitThird Party Advisory
https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660apProductVendor Advisory
https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660apExploitThird Party Advisory
https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660apProductVendor Advisory

FAQ

What is CVE-2019-11353?

CVE-2019-11353 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple ...

How severe is CVE-2019-11353?

CVE-2019-11353 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-11353?

Check the references section above for vendor advisories and patch information. Affected products include: Engeniustech Ews660Ap Firmware, Engeniustech Ews660Ap.