CVE-2024-45242

Published: Oct 24, 2024

Modified: Oct 28, 2024

PUBLISHED

Description

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-45242_Extended_Report.pdf

https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-45242

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-45242

Description

Affected Products

References