Search
Find a vulnerability
Search criteria
2 vulnerabilities by engeniustech
VAR-201707-1348
Vulnerability from variot - Updated: 2025-11-21 23:24An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Â Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC. ESR300 firmware, ESR350 firmware, ESR600 firmware etc. (DoS) It may be in a state. EnGenius Enshare is a USB media storage sharing application. Allows an attacker to exploit a vulnerability to execute arbitrary code. With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. The EnShare feature allows you to access media content stored on a USB hard drive connected to the router's USB port in the home and when you are away from home when you have access to the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.0.23"
},
{
"model": "esr350",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.5"
},
{
"model": "esr300",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.7"
},
{
"model": "esr1200",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.1"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.5"
},
{
"model": "esr300",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.1.28"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.1.0"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.2.2.23"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.1.26"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.5.18"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.0"
},
{
"model": "esr350",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.11"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.1.63"
},
{
"model": "esr350",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.9"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.11"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.3"
},
{
"model": "esr350",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.1.41"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.9"
},
{
"model": "esr1200",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.1.0"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.2.1.46"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.0"
},
{
"model": "esr300",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.0"
},
{
"model": "esr350",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.2"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.5"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.3"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.1.0.50"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.2"
},
{
"model": "esr300",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.1.42"
},
{
"model": "esr600",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.1"
},
{
"model": "epg5000",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.2.0"
},
{
"model": "epg5000",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.3.17"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.1.34"
},
{
"model": "epg5000",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.3"
},
{
"model": "esr1200",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.5"
},
{
"model": "epg5000",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.2"
},
{
"model": "esr300",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.1.0.28"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.0"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.1.0"
},
{
"model": "esr300",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.9"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.2.2.27"
},
{
"model": "esr1200",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.1.34"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.3"
},
{
"model": "epg5000",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.9.21"
},
{
"model": "epg5000",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.0"
},
{
"model": "esr300",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.2"
},
{
"model": "epg5000",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.3.7.20"
},
{
"model": "esr350",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.1.0.29"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.0"
},
{
"model": "esr1750",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.1"
},
{
"model": "esr900",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.5"
},
{
"model": "esr350",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.0"
},
{
"model": "esr1200",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "1.4.3"
},
{
"model": "epg5000",
"scope": null,
"trust": 0.8,
"vendor": "engenius",
"version": null
},
{
"model": "esr1200",
"scope": null,
"trust": 0.8,
"vendor": "engenius",
"version": null
},
{
"model": "esr600",
"scope": null,
"trust": 0.8,
"vendor": "engenius",
"version": null
},
{
"model": "esr350",
"scope": null,
"trust": 0.8,
"vendor": "engenius",
"version": null
},
{
"model": "esr300",
"scope": null,
"trust": 0.8,
"vendor": "engenius",
"version": null
},
{
"model": "esr1750",
"scope": null,
"trust": 0.8,
"vendor": "engenius",
"version": null
},
{
"model": "esr900",
"scope": null,
"trust": 0.8,
"vendor": "engenius",
"version": null
},
{
"model": "enshare iot gigabit cloud service",
"scope": "eq",
"trust": 0.6,
"vendor": "engenius",
"version": "1.4.11"
},
{
"model": "enshare iot gigabit cloud service",
"scope": "eq",
"trust": 0.3,
"vendor": "engenius",
"version": "1.1.0)"
},
{
"model": "enshare iot gigabit cloud service",
"scope": "eq",
"trust": 0.1,
"vendor": "engenius",
"version": "1.1.0.28)"
},
{
"model": "enshare iot gigabit cloud service",
"scope": "eq",
"trust": 0.1,
"vendor": "engenius",
"version": "1.1.0.29)"
},
{
"model": "enshare iot gigabit cloud service",
"scope": "eq",
"trust": 0.1,
"vendor": "engenius",
"version": "1.1.0.50)"
},
{
"model": "enshare iot gigabit cloud service",
"scope": "eq",
"trust": 0.1,
"vendor": "engenius",
"version": "1.2.0)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
},
{
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
}
],
"trust": 0.1
},
"cve": "CVE-2025-34035",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-13571",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-34035",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-34035",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-34035",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2025-34035",
"trust": 1.0,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2025-34035",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-13571",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5413",
"trust": 0.1,
"value": "(5/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
},
{
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"db": "NVD",
"id": "CVE-2025-34035"
},
{
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. \u00a0Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC. ESR300 firmware, ESR350 firmware, ESR600 firmware etc. (DoS) It may be in a state. EnGenius Enshare is a USB media storage sharing application. Allows an attacker to exploit a vulnerability to execute arbitrary code. With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. The EnShare feature allows you to access media content stored on a USB hard drive connected to the router\u0027s USB port in the home and when you are away from home when you have access to the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-34035"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"db": "ZSL",
"id": "ZSL-2017-5413"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/enshare_rce.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-34035",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "42114",
"trust": 2.5
},
{
"db": "CXSECURITY",
"id": "WLB-2017060050",
"trust": 1.9
},
{
"db": "ZSL",
"id": "ZSL-2017-5413",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "142792",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009848",
"trust": 0.8
},
{
"db": "EXPLOITDB",
"id": "42114",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-13571",
"trust": 0.6
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
},
{
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"id": "VAR-201707-1348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13571"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13571"
}
]
},
"last_update_date": "2025-11-21T23:24:14.983000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://cxsecurity.com/issue/wlb-2017060050"
},
{
"trust": 1.8,
"url": "https://vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/42114"
},
{
"trust": 1.8,
"url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5413.php"
},
{
"trust": 1.1,
"url": "https://packetstormsecurity.com/files/142792"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-34035"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42114/"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127026"
},
{
"trust": 0.1,
"url": "https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27\u0026amp;title=esr900"
},
{
"trust": 0.1,
"url": "https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27\u0026amp;title=esr600"
},
{
"trust": 0.1,
"url": "https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27\u0026amp;title=epg5000"
},
{
"trust": 0.1,
"url": "http://www.vfocus.net/art/20170606/13644.html"
},
{
"trust": 0.1,
"url": "https://badpackets.net/engenius-routers-found-in-mirai-like-botnet/"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
},
{
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
},
{
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-04T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5413"
},
{
"date": "2017-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"date": "2025-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"date": "2025-06-24T01:15:24.763000",
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5413"
},
{
"date": "2017-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13571"
},
{
"date": "2025-07-25T02:44:00",
"db": "JVNDB",
"id": "JVNDB-2025-009848"
},
{
"date": "2025-11-20T22:15:56.183000",
"db": "NVD",
"id": "CVE-2025-34035"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0EnGenius\u00a0Technologies\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009848"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Local/Remote,System Access",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5413"
}
],
"trust": 0.1
}
}
VAR-201905-1017
Vulnerability from variot - Updated: 2024-11-23 22:41The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. EnGenius EWS660AP There is a command injection vulnerability in the router firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. EnGenius Technologies EWS660AP is a wireless access point device produced by EnGenius Technologies in the United States. An attacker could exploit this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ews660ap",
"scope": "eq",
"trust": 1.0,
"vendor": "engeniustech",
"version": "2.0.284"
},
{
"model": "ews660ap",
"scope": "eq",
"trust": 0.8,
"vendor": "engenius",
"version": "2.0.284"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:engeniustech:ews660ap_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
}
]
},
"cve": "CVE-2019-11353",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-11353",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-142991",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11353",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11353",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11353",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-223",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-142991",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-11353",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142991"
},
{
"db": "VULMON",
"id": "CVE-2019-11353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-223"
},
{
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. EnGenius EWS660AP There is a command injection vulnerability in the router firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. EnGenius Technologies EWS660AP is a wireless access point device produced by EnGenius Technologies in the United States. An attacker could exploit this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "VULHUB",
"id": "VHN-142991"
},
{
"db": "VULMON",
"id": "CVE-2019-11353"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11353",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004472",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-223",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142991",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11353",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142991"
},
{
"db": "VULMON",
"id": "CVE-2019-11353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-223"
},
{
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"id": "VAR-201905-1017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142991"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:41:29.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EWS660AP",
"trust": 0.8,
"url": "https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/"
},
{
"title": "EnGenius Technologies EWS660AP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92417"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-223"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142991"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/"
},
{
"trust": 1.8,
"url": "https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11353"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11353"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142991"
},
{
"db": "VULMON",
"id": "CVE-2019-11353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-223"
},
{
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142991"
},
{
"db": "VULMON",
"id": "CVE-2019-11353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-223"
},
{
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-142991"
},
{
"date": "2019-05-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11353"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"date": "2019-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-223"
},
{
"date": "2019-05-09T14:29:00.417000",
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142991"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11353"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004472"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-223"
},
{
"date": "2024-11-21T04:20:55.770000",
"db": "NVD",
"id": "CVE-2019-11353"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-223"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EnGenius EWS660AP Command Injection Vulnerability in Router Firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004472"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-223"
}
],
"trust": 0.6
}
}