VYPR

EWS356-FIR

by EnGenius

CVEs (3)

  • CVE-2024-36061CriNov 11, 2024
    risk 0.64cvss 9.8epss 0.01

    EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.

  • CVE-2024-31976HigNov 27, 2024
    risk 0.52cvss 8.0epss 0.01

    EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.

  • CVE-2024-31975MedOct 30, 2024
    risk 0.31cvss 4.8epss 0.00

    EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.