Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
References
Link | Resource |
---|---|
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
History
06 Mar 2023, 18:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:korenix:jetwave_2114_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2111:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2211c:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2424_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_4221hp-e:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_4221hp-e__firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_3420_v3:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2111l:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2111_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2111l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_3420_v3__firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2211c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2460:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2411l:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2114:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2411_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2411:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2460_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_3220_v3__firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2414_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_3220_v3:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2411l_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-77 | |
First Time |
Korenix jetwave 2114
Korenix jetwave 3220 V3 Korenix jetwave 3420 V3 Korenix jetwave 2111l Firmware Korenix jetwave 4221hp-e Firmware Korenix jetwave 2411l Korenix jetwave 2212x Firmware Korenix jetwave 2212g Firmware Korenix jetwave 2411 Firmware Korenix jetwave 3420 V3 Firmware Korenix jetwave 3220 V3 Firmware Korenix jetwave 2212s Korenix jetwave 2424 Firmware Korenix jetwave 2212s Firmware Korenix jetwave 2212x Korenix jetwave 2460 Firmware Korenix jetwave 2111 Korenix Korenix jetwave 2411 Korenix jetwave 4221hp-e Korenix jetwave 2211c Korenix jetwave 2414 Firmware Korenix jetwave 2114 Firmware Korenix jetwave 2414 Korenix jetwave 2460 Korenix jetwave 2212g Korenix jetwave 2111l Korenix jetwave 2211c Firmware Korenix jetwave 2111 Firmware Korenix jetwave 2411l Firmware |
|
References | (MISC) https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/ - Exploit, Third Party Advisory |
23 Feb 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-23 23:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23295
Mitre link : CVE-2023-23295
CVE.ORG link : CVE-2023-23295
JSON object : View
Products Affected
korenix
- jetwave_2212g_firmware
- jetwave_4221hp-e__firmware
- jetwave_2411_firmware
- jetwave_2114
- jetwave_2414
- jetwave_4221hp-e
- jetwave_3420_v3
- jetwave_3220_v3
- jetwave_2211c_firmware
- jetwave_2411l
- jetwave_2111
- jetwave_2411l_firmware
- jetwave_2114_firmware
- jetwave_3220_v3__firmware
- jetwave_2424_firmware
- jetwave_3420_v3__firmware
- jetwave_2212s_firmware
- jetwave_2414_firmware
- jetwave_2212s
- jetwave_2411
- jetwave_2460
- jetwave_2111l
- jetwave_2111l_firmware
- jetwave_2212g
- jetwave_2111_firmware
- jetwave_2211c
- jetwave_2460_firmware
- jetwave_2212x_firmware
- jetwave_2212x
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')