CVE-2024-11654 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 diag_traceroute6 command injection

A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This affects an unknown part of the file /admin/network/diag_traceroute6. The manipulation of the argument diag_traceroute6 leads to command injection.

This vulnerability is uniquely identified as CVE-2024-11654. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11654 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 diag_traceroute6 command injection

Post correlati

CVE-2024-45719 | Apache Answer up to 1.4.0 UUID v1 inadequate encryption

CVE-2024-36500 | Huawei HarmonyOS/EMUI AMS Module privileges management

CVE-2023-6703 | Google Chrome prior 120.0.6099.109 Blink use after free

CVE-2024-9226 | fatcatapps Landing Page Cat Plugin up to 1.7.6 on WordPress add_query_arg cross site scripting