EnGenius 漏洞列表
共找到 5 个与 EnGenius 相关的漏洞
📅 加载漏洞趋势中...
-
EnGenius /web/cgi-bin/usbinteract.cgi 命令执行漏洞 无POC
EnGenius usbinteract.cgi接口处存在远程命令执行漏洞,未经身份验证的远程攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。 -
CVE-2025-34035: EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution POC
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.The injected commands are executed with root privileges, leading to full system compromise. -
CVE-2025-34035: EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution POC
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.The injected commands are executed with root privileges, leading to full system compromise. -
EnGenius /usbinteract.cgi 路径存在远程命令执行 无POC
EnGenius是一块内含多个模块的智能路由器,可以将iOS设备或者Android设备上的视频,音乐和其他文件传输到路由器连接的USB硬盘驱动器,可以扩展摄像头等安防设备。该漏洞主要是EnShare的usbinteract.cgi文件path参数过滤不严,造成了EnShare受到未经身份验证的命令注入漏洞的攻击。攻击者可以通过usbinteract.cgi脚本解析的'路径'GET/ POST参数作为root用户注入和执行任意代码 -
EnGenius EnShare IoT设备-远程命令执行 无POC
EnGenius EnShare IoT设备存在漏洞,可以造成远程代码执行,对服务器进行任意命令执行。