CVE-2019-11353 - OpenCVE

The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Engeniustech	Ews660ap Ews660ap Firmware

Configuration 1 [-]

AND

cpe:2.3:h:engeniustech:ews660ap:-:*:*:*:*:*:*:*

cpe:2.3:o:engeniustech:ews660ap_firmware:2.0.284:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/
https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-09T13:32:46

Updated: 2024-08-04T22:48:09.153Z

Reserved: 2019-04-19T00:00:00

Link: CVE-2019-11353

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-05-09T14:29:00.417

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-11353

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-09T13:32:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/"}, {"tags": ["x_refsource_MISC"], "url": "https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11353", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/", "refsource": "MISC", "url": "https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/"}, {"name": "https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/", "refsource": "MISC", "url": "https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:09.153Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11353", "datePublished": "2019-05-09T13:32:46", "dateReserved": "2019-04-19T00:00:00", "dateUpdated": "2024-08-04T22:48:09.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:engeniustech:ews660ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "687FC9C9-6558-48D4-B878-8D8EDDA0B348", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:engeniustech:ews660ap_firmware:2.0.284:*:*:*:*:*:*:*", "matchCriteriaId": "5F1121BD-2074-4479-A87E-0A8C0B197229", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version."}, {"lang": "es", "value": "El router EnGenius EWS660AP con firmware versi\u00f3n 2.0.284, que permite que un atacante ejecute comandos arbitrarios utilizando las utilidades ping y traceroute incorporadas al usar diferentes cargas e inyectar m\u00faltiples par\u00e1metros. Esta vulnerabilidad se corrige en la siguiente versi\u00f3n de firmware."}], "id": "CVE-2019-11353", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-09T14:29:00.417", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securityshards.wordpress.com/2019/04/21/cve-2019-11353-engenius-ews660ap-arbitrary-code-execution/"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.engeniustech.com/engenius-products/managed-outdoor-wireless-ews660ap/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}