← Advisories

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

Critical
Advisory ID
ZSL-2017-5413
Release Date
04 June 2017
Vendor
EnGenius Technologies Inc. - https://www.engeniustech.com
Affected Version
ESR300 (1.4.9, 1.4.7, 1.4.2, 1.4.1.28, 1.4.0, 1.3.1.42, 1.1.0.28), ESR350 (1.4.11, 1.4.9, 1.4.5, 1.4.2, 1.4.0, 1.3.1.41, 1.1.0.29), ESR600 (1.4.11, 1.4.9, 1.4.5, 1.4.3, 1.4.2, 1.4.1, 1.4.0.23, 1.3.1.63, 1.2.1.46, 1.1.0.50), EPG5000 (1.3.9.21, 1.3.7.20, 1.3.3.17, 1.3.3, 1.3.2, 1.3.0, 1.2.0), ESR900 (1.4.5, 1.4.3, 1.4.0, 1.3.5.18 build-12032015@liwei (5668b74), 1.3.1.26, 1.3.0, 1.2.2.23, 1.1.0), ESR1200 (1.4.5, 1.4.3, 1.4.1, 1.3.1.34, 1.1.0), ESR1750 (1.4.5, 1.4.3, 1.4.1, 1.4.0, 1.3.1.34, 1.3.0, 1.2.2.27, 1.1.0)
CVE
CVE-2025-34035
Tested On
Linux 2.6.36 (mips), Embedded HTTP Server ,Firmware Version 5.11, lighttpd/1.4.31
Summary

With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. Enshare is a USB media storage sharing application that enables access to files remotely. The EnShare feature allows you to access media content stored on a USB hard drive connected to the router's USB port in the home and when you are away from home when you have access to the Internet. By default the EnShare feature is enabled.

Description

EnGenius EnShare suffers from an unauthenticated command injection vulnerability. An attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.

Proof of Concept
enshare_rce.pyTXT
Disclosure Timeline
17.05.2017Vulnerability discovered.
28.05.2017Contact with the vendor.
03.06.2017No reply from the vendor.
04.06.2017Public security advisory released.
21.06.2017Vendor releases version EPG5000 1.3.014-30, ESR600 1-4-12-64 and ESR900 1.4.6 to address this issue.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://www.exploit-db.com/exploits/42114/
[2]https://packetstormsecurity.com/files/142792
[3]https://cxsecurity.com/issue/WLB-2017060050
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/127026
[5]https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27&title=ESR900
[6]https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27&title=ESR600
[7]https://www.engeniusnetworks.eu/downloads?field_file_type_tid=27&title=EPG5000
[8]http://www.vfocus.net/art/20170606/13644.html
[9]https://badpackets.net/engenius-routers-found-in-mirai-like-botnet/
[10]https://www.vulncheck.com/advisories/engenius-enshare-iot-gigabit-cloud-service
[11]https://nvd.nist.gov/vuln/detail/CVE-2025-34035
[12]https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-34035
Changelog
04.06.2017Initial release
08.06.2017Added reference [1], [2] and [3]
13.06.2017Added reference [4]
22.06.2017Added vendor status and reference [5], [6] and [7]
25.06.2017Added reference [8]
11.02.2020Added reference [9]
18.07.2025Added reference [10], [11] and [12]