Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html | Third Party Advisory VDB Entry |
https://www.korenix.com/en/product/search.aspx?kw=JetWave | Product Vendor Advisory |
History
11 Feb 2022, 03:19
Type | Values Removed | Values Added |
---|---|---|
First Time | Korenix jetwave 3420, Korenix jetwave 2212x Firmware, Korenix jetwave 3420 Firmware, Korenix jetwave 2212s, Korenix, Korenix jetwave 3220 Firmware, Korenix jetwave 3220, Korenix jetwave 2212g, Korenix jetwave 2311, Korenix jetwave 2212s Firmware, Korenix jetwave 2311 Firmware, Korenix jetwave 2212x, Korenix jetwave 2212g Firmware | |
CWE | NVD-CWE-noinfo | |
CVSS | v2 : v3 : | v2 : 9.0 v3 : 8.8 |
CPE | cpe:2.3:h:korenix:jetwave_3220:3:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_3420:3:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2311:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_3220_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2311_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_3420_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212x_firmware:*:*:*:*:*:*:*:* | |
References | (MISC) http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.korenix.com/en/product/search.aspx?kw=JetWave - Product, Vendor Advisory |
06 Feb 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-06 21:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-39280
Mitre link : CVE-2021-39280
CVE.ORG link : CVE-2021-39280
Products Affected
korenix
- jetwave_2212s
- jetwave_3220_firmware
- jetwave_3420
- jetwave_2212x
- jetwave_3420_firmware
- jetwave_2212g
- jetwave_2311_firmware
- jetwave_2212s_firmware
- jetwave_2311
- jetwave_3220
- jetwave_2212g_firmware
- jetwave_2212x_firmware