CVE-2024-11657 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 diag_nslookup command injection

A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Affected is an unknown function of the file /admin/network/diag_nslookup. The manipulation of the argument diag_nslookup leads to command injection.

This vulnerability is traded as CVE-2024-11657. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11657 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 diag_nslookup command injection

Post correlati

CVE-2024-39350 | Synology Camera prior 1.0.7-0298 RTSP authentication spoofing (SA_23_15)

CVE-2023-52160 | wpa_supplicant PEAP authorization

CVE-2024-41462 | Tenda FH1201 1.2.0.14 ip/goform/DhcpListClient page stack-based overflow

CVE-2024-36844 | libmodbus 3.1.6 Message use after free