← Back

Ews356 Fit Firmware

ews356-fit_firmware

Vendor: Engeniustech • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-36061
1Engeniustech
1Ews356 Fit Firmware
Jan 26, 2026
Nov 11, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
CVE-2024-31975
1Engeniustech
1Ews356 Fit Firmware
Jan 26, 2026
Oct 30, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field'...Show more
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.Show less