CVE-2024-31976 is a remote command injection vulnerability identified in EnGenius EWS356-FIR wireless access points running firmware version 1.1.30 and earlier. The flaw exists in the Controller connectivity parameter, which fails to properly sanitize input, allowing an authenticated remote attacker with low privileges to inject and execute arbitrary OS commands on the device. This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS v3.1 base score is 8.0, indicating high severity, with the vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This means the attack requires network access with low complexity and low privileges, no user interaction, and impacts confidentiality, integrity, and availability. Exploiting this vulnerability could allow attackers to take full control of the device, manipulate network traffic, disrupt services, or use the device as a foothold for further attacks within the network. As of the publication date, no patches or known exploits have been reported, but the risk remains significant due to the critical nature of the flaw and the device’s role in network infrastructure.

The vulnerability allows remote attackers to execute arbitrary OS commands on EnGenius EWS356-FIR devices, potentially leading to full device compromise. This can result in unauthorized access to sensitive network data, disruption of wireless network services, and the ability to pivot to other internal systems. The impact spans confidentiality, integrity, and availability, as attackers can intercept or alter data, disrupt network connectivity, or deploy persistent malware. Organizations relying on these devices for wireless connectivity, especially in enterprise, education, or service provider environments, face increased risk of network breaches and operational downtime. The lack of available patches increases exposure time, and the relatively low privilege requirement combined with no user interaction needed makes exploitation feasible for motivated attackers with network access.

1. Immediately restrict access to the management interfaces of EnGenius EWS356-FIR devices to trusted networks and administrators only, using network segmentation and firewall rules. 2. Implement strong authentication and access controls to limit who can interact with the Controller connectivity parameter. 3. Monitor device logs and network traffic for unusual command execution patterns or unauthorized access attempts. 4. Disable or limit remote management features if not required. 5. Regularly audit device firmware versions and configurations to identify vulnerable devices. 6. Engage with EnGenius support channels to obtain information on patches or firmware updates addressing this vulnerability and apply them promptly once available. 7. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect command injection attempts targeting these devices. 8. Educate network administrators about this vulnerability and enforce strict operational security practices around device management.