ГлавнаяУязвимости → CVE-2024-36061
9.8критическая

CVE-2024-36061

Описание

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.

Затрагиваемое ПО
Engeniustech Ews356-fit firmwareEngeniustech Ews356-fit
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-36061