Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31975 | 1 Engeniustech | 2 Ews356-fit, Ews356-fit Firmware | 2026-01-26 | N/A | 4.8 MEDIUM |
| EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button. | |||||
| CVE-2024-36061 | 1 Engeniustech | 2 Ews356-fit, Ews356-fit Firmware | 2026-01-26 | N/A | 9.8 CRITICAL |
| EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities. | |||||