VDB-285977 · CVE-2024-11656 · GCVE-100-285977

EnGenius ENH1350EXT/ENS500-AC/ENS620EXT har 20241118 diag_ping6 kura hakki ndiyam

Hakika vulnerability da aka rarraba a matsayin kura an gano a EnGenius ENH1350EXT, ENS500-AC and ENS620EXT har 20241118. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /admin/network/diag_ping6, a cikin sashi $software_component. Wuro manipulation of the argument diag_ping6 ga kura hakki ndiyam. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-77. Lalle, rauni an sanar da shi 11/24/2024. Ana samun bayanin tsaro don saukewa a k9u7kv33ub.feishu.cn. Ana kiran wannan rauni da CVE-2024-11656. Ngam yiɗi ka a tuma ndiyam ka nder internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a k9u7kv33ub.feishu.cn. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

2 Goyarwa · 97 Datenpunkte

Furɗe	Súgá 11/24/2024 16:19	Gargadi 1/1 12/11/2024 03:06
software_vendor	EnGenius	EnGenius
software_name	ENH1350EXT/ENS500-AC/ENS620EXT	ENH1350EXT/ENS500-AC/ENS620EXT
software_version	<=20241118	<=20241118
software_file	/admin/network/diag_ping6	/admin/network/diag_ping6
software_argument	diag_ping6	diag_ping6
vulnerability_cwe	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	H	H
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://k9u7kv33ub.feishu.cn/wiki/FBJCwjFPZiY4aakElh6cwF25nff	https://k9u7kv33ub.feishu.cn/wiki/FBJCwjFPZiY4aakElh6cwF25nff
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://k9u7kv33ub.feishu.cn/wiki/FBJCwjFPZiY4aakElh6cwF25nff	https://k9u7kv33ub.feishu.cn/wiki/FBJCwjFPZiY4aakElh6cwF25nff
source_cve	CVE-2024-11656	CVE-2024-11656
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	M	M
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_pr	H	H
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	L	L
cvss4_vuldb_vi	L	L
cvss4_vuldb_va	L	L
cvss4_vuldb_e	P	P
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	5.8	5.8
cvss2_vuldb_tempscore	5.0	5.0
cvss3_vuldb_basescore	4.7	4.7
cvss3_vuldb_tempscore	4.3	4.3
cvss3_meta_basescore	4.7	5.5
cvss3_meta_tempscore	4.3	5.4
cvss4_vuldb_bscore	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0
advisory_date	1732402800 (11/24/2024)	1732402800 (11/24/2024)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This issue affects some unknown processing of the file /admin/network/diag_ping6. The manipulation of the argument diag_ping6 leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad, que se ha clasificado como crítica, en EnGenius ENH1350EXT, ENS500-AC y ENS620EXT hasta 20241118. Este problema afecta a algunos procesos desconocidos del archivo /admin/network/diag_ping6. La manipulación del argumento diag_ping6 conduce a la inyección de comandos. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta divulgación, pero no respondió de ninguna manera.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		H
cvss4_cna_ui		N
cvss4_cna_vc		L
cvss4_cna_vi		L
cvss4_cna_va		L
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		5.1
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		H
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		L
cvss3_cna_i		L
cvss3_cna_a		L
cvss3_cna_basescore		4.7
cvss3_nvd_av		N
cvss3_nvd_ac		L
cvss3_nvd_pr		H
cvss3_nvd_ui		N
cvss3_nvd_s		U
cvss3_nvd_c		H
cvss3_nvd_i		H
cvss3_nvd_a		H
cvss3_nvd_basescore		7.2
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		M
cvss2_cna_ci		P
cvss2_cna_ii		P
cvss2_cna_ai		P
cvss2_cna_basescore		5.8

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!