Engeniustech: >> Ews356-Fit Firmware Security Vulnerabilities
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
CVSS Score
9.8
EPSS Score
0.011
Published
2024-11-11
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.
CVSS Score
4.8
EPSS Score
0.0
Published
2024-10-30