Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
References
| Link | Resource |
|---|---|
| https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/ | Exploit Third Party Advisory |
| https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
History
21 Nov 2024, 07:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/ - Exploit, Third Party Advisory |
06 Mar 2023, 18:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/ - Exploit, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CWE | CWE-77 | |
| CPE | cpe:2.3:o:korenix:jetwave_2411_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2460_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2211c:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_3420_v3:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_3220_v3:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2114_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2424_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2460:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2411:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_4221hp-e__firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_3220_v3__firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2211c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2114:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_3420_v3__firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2111:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2414_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2111l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2411l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2411l:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2111_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_2111l:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:*:*:*:*:*:*:* cpe:2.3:h:korenix:jetwave_4221hp-e:-:*:*:*:*:*:*:* cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:*:*:*:*:*:*:* |
24 Feb 2023, 14:02
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-02-23 23:15
Updated : 2025-03-17 19:15
NVD link : CVE-2023-23295
Mitre link : CVE-2023-23295
CVE.ORG link : CVE-2023-23295
JSON object : View
Products Affected
korenix
- jetwave_4221hp-e
- jetwave_2111l_firmware
- jetwave_2212s
- jetwave_2114
- jetwave_2460_firmware
- jetwave_2212g
- jetwave_2212g_firmware
- jetwave_2212x
- jetwave_2111_firmware
- jetwave_2411l_firmware
- jetwave_2211c_firmware
- jetwave_2424_firmware
- jetwave_2111l
- jetwave_2411_firmware
- jetwave_3220_v3
- jetwave_2211c
- jetwave_3420_v3__firmware
- jetwave_2111
- jetwave_3220_v3__firmware
- jetwave_2411
- jetwave_2212x_firmware
- jetwave_2114_firmware
- jetwave_2414_firmware
- jetwave_2460
- jetwave_4221hp-e__firmware
- jetwave_2414
- jetwave_3420_v3
- jetwave_2411l
- jetwave_2212s_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')