CVE-2019-11353 Information
Feb 14, 2021
cve
Description
The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/ https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: