Key Information

Vulnerability Description
Vulnerability Name: ENGENIUS ENH1350EXT/ENS500-AC/ENS620EXT UP TO 20241118 DIAG_TRACEROUTE COMMAND INJECTION
Affected Versions: EnGenius ENH1350EXT, ENS500-AC, ENS620EXT up to 20241118
CVSS Meta Temp Score: 4.5
Current Exploit Price: $0-$5k
CTI Interest Score: 1.38

Vulnerability Impact
Issue Description: Command injection vulnerability caused by unknown input in the diag_traceroute parameter via the unknown file /admin/network/diag_traceroute.
CWE: CWE-77
Affected Components: Confidentiality, Integrity, and Availability.

Vulnerability Details
Vulnerability Description: Command injection vulnerability via the unknown file /admin/network/diag_traceroute, exploiting the diag_traceroute parameter. The attack can be initiated remotely and requires an additional level of authentication for exploitation. Technical details and public exploits are known.
Vulnerability ID: CVE-2024-11653
Exploit Difficulty: Easy
Exploit Method: Remote Attack
Known Exploits: Publicly Available
Vendor Contact: Early contact made, no response received.

Additional Information
Vulnerability Link: k9u7kv33ub.feishu.cn
Related Vulnerabilities: VDB-285972, VDB-285973, VDB-285975, VDB-285976
Recommendation: Replace affected devices.

Extra Information
MITRE ATT&CK: T1202
Exploit Status: Proof of Concept
Vendor Response: Early contact made, no response received.