CVE-2024-45242

{"id": "CVE-2024-45242", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-10-24T20:15:04.243", "references": [{"url": "https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-45242", "source": "[email protected]"}, {"url": "https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-45242_Extended_Report.pdf", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions."}, {"lang": "es", "value": "Los dispositivos EnGenius ENH1350EXT A8J-ENH1350EXT hasta 3.9.3.2_c1.9.51 permiten la inyecci\u00f3n (ciega) de comandos del SO a trav\u00e9s de metacaracteres de shell a la utilidad Ping o Speed Test. Durante el tiempo de configuraci\u00f3n inicial, el dispositivo crea una red abierta no segura cuyo panel de administraci\u00f3n est\u00e1 configurado con las credenciales predeterminadas de admin/admin. Un atacante no autorizado que se encuentre cerca de la red Wi-Fi puede aprovechar este lapso de tiempo para ejecutar comandos arbitrarios del SO con permisos de nivel ra\u00edz."}], "lastModified": "2024-10-28T19:35:26.440", "sourceIdentifier": "[email protected]"}