Command Injection Vulnerability in EnGenius EWS660AP Router Firmware 2.0.284

Command Injection Vulnerability in EnGenius EWS660AP Router Firmware 2.0.284

CVE-2019-11353 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.

Learn more about our Web Application Penetration Testing UK.