Vulnerability Description
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Engeniustech | Ews356-Fit Firmware | <= 1.1.30 |
| Engeniustech | Ews356-Fit | - |
Related Weaknesses (CWE)
References
- https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-36061Third Party Advisory
FAQ
What is CVE-2024-36061?
CVE-2024-36061 is a vulnerability with a CVSS score of 9.8 (CRITICAL). EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
How severe is CVE-2024-36061?
CVE-2024-36061 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-36061?
Check the references section above for vendor advisories and patch information. Affected products include: Engeniustech Ews356-Fit Firmware, Engeniustech Ews356-Fit.