Engeniustech Ews356-Fit Firmware vulnerabilities
2 known vulnerabilities affecting engeniustech/ews356-fit_firmware.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2024-36061 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 1.1.30 | 2024-11-11
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
nvd
CVE-2024-31975 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 1.1.30 | 2024-10-30
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.
nvd