EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.
References
| Link | Resource |
|---|---|
| https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-31976 | Third Party Advisory |
| https://github.com/actuator/cve/tree/main/EnGenius/EWS356-FIT | Broken Link |
Configurations
Configuration 1 (hide)
| AND |
|
History
26 Jan 2026, 20:11
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Engeniustech ews356-fir
Engeniustech ews356-fir Firmware |
|
| CPE | cpe:2.3:h:engeniustech:ews356:-:*:*:*:*:*:*:* |
cpe:2.3:o:engeniustech:ews356-fir_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:engeniustech:ews356-fir:-:*:*:*:*:*:*:* |
26 Jan 2026, 15:53
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Engeniustech ews356
Engeniustech Engeniustech ews356 Firmware |
|
| CPE | cpe:2.3:o:engeniustech:ews356_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:engeniustech:ews356:-:*:*:*:*:*:*:* |
|
| References | () https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-31976 - Third Party Advisory | |
| References | () https://github.com/actuator/cve/tree/main/EnGenius/EWS356-FIT - Broken Link |
29 Nov 2024, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
| CWE | CWE-78 |
27 Nov 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-11-27 17:15
Updated : 2026-01-26 20:11
NVD link : CVE-2024-31976
Mitre link : CVE-2024-31976
CVE.ORG link : CVE-2024-31976
JSON object : View
Products Affected
engeniustech
- ews356-fir_firmware
- ews356-fir
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')