← Back

CVE-2023-23295

nvd nist
Published: Feb 23, 2023Modified: Mar 17, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.

Affected (15)

Korenix
15 products
Jetwave 2212g Firmware
Jetwave 2212x Firmware
Jetwave 2212s Firmware
Jetwave 2211c Firmware
Jetwave 2411 Firmware
Jetwave 2111 Firmware
Jetwave 2411l Firmware
Jetwave 2111l Firmware
Jetwave 2414 Firmware
Jetwave 2114 Firmware
Jetwave 2424 Firmware
Jetwave 2460 Firmware
Jetwave 4221hp E Firmware
Jetwave 3220 V3 Firmware
Jetwave 3420 V3 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2212g Firmware
Version 1.3.t
Running on/withPlatform Versions
Korenix
Jetwave 2212g
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2212x Firmware
Version 1.3.0
Running on/withPlatform Versions
Korenix
Jetwave 2212x
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2212s Firmware
Version 1.3.0
Running on/withPlatform Versions
Korenix
Jetwave 2212s
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2211c Firmware
Before 1.6
Running on/withPlatform Versions
Korenix
Jetwave 2211c
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2411 Firmware
Before 1.5
Running on/withPlatform Versions
Korenix
Jetwave 2411
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2111 Firmware
Before 1.5
Running on/withPlatform Versions
Korenix
Jetwave 2111
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2411l Firmware
Before 1.6
Running on/withPlatform Versions
Korenix
Jetwave 2411l
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2111l Firmware
Before 1.6
Running on/withPlatform Versions
Korenix
Jetwave 2111l
All versions
Configuration I
1 vulnerable
Vulnerable SoftwareAffected Versions
Jetwave 2414 Firmware
Before 1.4
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2114 Firmware
Before 1.4
Running on/withPlatform Versions
Korenix
Jetwave 2114
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2424 Firmware
Before 1.3
Running on/withPlatform Versions
Korenix
Jetwave 2414
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 2460 Firmware
Before 1.6
Running on/withPlatform Versions
Korenix
Jetwave 2460
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 4221hp E Firmware
Up to 1.3.0
Running on/withPlatform Versions
Korenix
Jetwave 4221hp E
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 3220 V3 Firmware
Before 1.7
Running on/withPlatform Versions
Korenix
Jetwave 3220 V3
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jetwave 3420 V3 Firmware
Before 1.7
Running on/withPlatform Versions
Korenix
Jetwave 3420 V3
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.