CVE-2024-53920

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2024
Updated: Dec 2, 2024
CWE ID 94

Summary

CVE-2024-31976 is a newly disclosed vulnerability affecting EnGenius EWS356-FIR devices running version 1.1.30 and older. This issue permits remote attackers to execute arbitrary OS commands by manipulating the Controller connectivity parameter. Successful exploitation could lead to significant security risks, as attackers could gain unauthorized access and control over the impacted devices. Organizations using these devices are advised to update to the latest software version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share