VYPR
Vendor

EnGenius

Products
10
CVEs
18
Across products
36
Status
Private

Products

10

Recent CVEs

18
  • CVE-2025-34035CriJun 24, 2025
    risk 0.65cvss 9.8epss 0.12

    An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.…

  • CVE-2024-36061CriNov 11, 2024
    risk 0.64cvss 9.8epss 0.01

    EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.

  • CVE-2019-11353CriMay 9, 2019
    risk 0.64cvss 9.8epss 0.03

    The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.

  • CVE-2024-36060HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.01

    EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters.

  • CVE-2024-45242HigOct 24, 2024
    risk 0.53cvss 7.8epss 0.35

    EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with…

  • CVE-2024-31976HigNov 27, 2024
    risk 0.52cvss 8.0epss 0.01

    EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.

  • CVE-2025-28371MedMay 19, 2025
    risk 0.42cvss 6.5epss 0.00

    EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.

  • CVE-2024-11659MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.28

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_iperf. The manipulation of the argument iperf leads to command injection. The…

  • CVE-2024-11658MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.28

    A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/network/ajax_getChannelList. The manipulation of the argument countryCode leads…

  • CVE-2024-11657MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.28

    A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Affected is an unknown function of the file /admin/network/diag_nslookup. The manipulation of the argument diag_nslookup leads to command injection. It is…

  • CVE-2024-11656MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.27

    A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This issue affects some unknown processing of the file /admin/network/diag_ping6. The manipulation of the argument diag_ping6 leads to command…

  • CVE-2024-11655MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.27

    A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This vulnerability affects unknown code of the file /admin/network/diag_pinginterface. The manipulation of the argument diag_ping leads to command injection. The…

  • CVE-2024-11654MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.28

    A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This affects an unknown part of the file /admin/network/diag_traceroute6. The manipulation of the argument diag_traceroute6 leads to command injection. It is…

  • CVE-2024-11653MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.28

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_traceroute. The manipulation of the argument diag_traceroute leads to…

  • CVE-2024-11652MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.29

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sn_package/sn_https. The manipulation of the argument https_enable leads to…

  • CVE-2024-11651MedNov 25, 2024
    risk 0.33cvss 4.7epss 0.26

    A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been classified as critical. Affected is an unknown function of the file /admin/network/wifi_schedule. The manipulation of the argument wifi_schedule_day_em_5 leads to command…

  • CVE-2024-31975MedOct 30, 2024
    risk 0.31cvss 4.8epss 0.00

    EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.

  • CVE-2024-31972MedOct 30, 2024
    risk 0.28cvss 4.3epss 0.00

    EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way…