Engeniustech Ews356-fit Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Engeniustech Ews356-fit Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2024-36061 — CVSS 9.8 (critical): EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via…
CVE-2024-31975 — CVSS 4.8 (medium): EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript…