Vulnerability Description
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sn_package/sn_https. The manipulation of the argument https_enable leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Engeniustech | Enh1350Ext Firmware | All versions |
| Engeniustech | Enh1350Ext | - |
| Engeniustech | Ens500-Ac Firmware | All versions |
| Engeniustech | Ens500-Ac | - |
| Engeniustech | Ens620Ext Firmware | All versions |
| Engeniustech | Ens620Ext | - |
Related Weaknesses (CWE)
References
- https://k9u7kv33ub.feishu.cn/wiki/Rf7wwXMpQiJkp8kp4pmcZb2tnPe (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.285973 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.285973 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.446629 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2024-11652?
CVE-2024-11652 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admi...
How severe is CVE-2024-11652?
CVE-2024-11652 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-11652?
Check the references section above for vendor advisories and patch information. Affected products include: Engeniustech Enh1350Ext Firmware, Engeniustech Enh1350Ext, Engeniustech Ens500-Ac Firmware, Engeniustech Ens500-Ac, Engeniustech Ens620Ext Firmware.