CVE-2024-11657 – This critical vulnerability allows remote attac... (How to Fix)

Q: What is the severity of CVE-2024-11657?

CVE-2024-11657 has a CVSS score of 4.7 (MEDIUM). This critical vulnerability allows remote attackers to execute arbitrary commands on affected EnGenius networking devices by injecting malicious input into the diag_nslookup parameter. The attack can be performed without authentication and affects EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT devices with firmware up to November 18, 2024.

📋 TL;DR

This critical vulnerability allows remote attackers to execute arbitrary commands on affected EnGenius networking devices by injecting malicious input into the diag_nslookup parameter. The attack can be performed without authentication and affects EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT devices with firmware up to November 18, 2024.

💻 Affected Systems

Products:

EnGenius ENH1350EXT
EnGenius ENS500-AC
EnGenius ENS620EXT

Versions: All versions up to 20241118

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web administration interface; devices with admin interface exposed to network are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install persistent backdoors, pivot to internal networks, exfiltrate data, or use device as botnet member.

🟠

Likely Case

Attacker gains shell access to device, modifies configurations, intercepts network traffic, or uses device for further attacks.

🟢

If Mitigated

Attack blocked at network perimeter; device isolated and monitored for suspicious activity.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details publicly disclosed; simple HTTP request with command injection payload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Contact EnGenius support for firmware updates. Check vendor website regularly for security advisories.

🔧 Temporary Workarounds

Network Isolation

linux

Block access to admin interface from untrusted networks

iptables -A INPUT -p tcp --dport 80 -s ! TRUSTED_NETWORK -j DROP
iptables -A INPUT -p tcp --dport 443 -s ! TRUSTED_NETWORK -j DROP

Disable Web Interface

linux

Temporarily disable web administration if not needed

killall httpd
chmod 000 /www/cgi-bin/admin/network/diag_nslookup

🧯 If You Can't Patch

Isolate affected devices in separate VLAN with strict firewall rules
Implement network monitoring for suspicious HTTP requests to /admin/network/diag_nslookup

🔍 How to Verify

Check if Vulnerable:

Test by sending HTTP POST request to /admin/network/diag_nslookup with command injection payload in diag_nslookup parameter

Check Version:

Check web interface System Status page or ssh into device and run 'cat /etc/version'

Verify Fix Applied:

Test same payload after mitigation; should receive error or no command execution

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /admin/network/diag_nslookup with shell metacharacters
Unusual process execution in device logs
Failed authentication attempts followed by diag_nslookup access

Network Indicators:

HTTP traffic to device on port 80/443 containing 'diag_nslookup' parameter with pipe (|), semicolon (;), or backtick (`) characters

SIEM Query:

source="device_logs" AND uri_path="/admin/network/diag_nslookup" AND (request_body="*;*" OR request_body="*|*" OR request_body="*`*")

📊 Metadata

CVE ID: CVE-2024-11657

CVSS v3 Score: 4.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-74

Published: November 25, 2024

Last Updated: February 12, 2025

🔗 References

https://k9u7kv33ub.feishu.cn/wiki/RURswTkepiuKCzkGMd2cA1M2nNc Exploit,Third Party Advisory
https://vuldb.com/?ctiid.285978 Permissions Required,VDB Entry
https://vuldb.com/?id.285978 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.446640 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-11657, you might also want to check these: