How severe is CVE-2021-39280?

CVE-2021-39280 has a severity rating of 8.8 (critical).

How can I fix CVE-2021-39280?

To fix CVE-2021-39280, users should update their Korenix JetWave devices to the latest firmware versions: 2212X 1.9.1, 2212S 1.9.1, 2212G 1.8, 3220 V3 1.5.1, 3420 V3 1.5.1, and ensure that 2311 firmware is updated to a version released after January 31, 2022.

Where can I find more information about Korenix JetWave devices?

You can find more information about Korenix JetWave devices on the Korenix website.

Vulnerability/
CVE-2021-39280

critical

6/2/2022

4/8/2024

CVE-2021-39280

Q: What is CVE-2021-39280?

CVE-2021-39280 is a vulnerability that allows authenticated users to execute arbitrary code as root on certain Korenix JetWave devices via /syscmd.asp.

Q: Which Korenix JetWave devices are affected by CVE-2021-39280?

CVE-2021-39280 affects Korenix JetWave 2212X (before 1.9.1), 2212S (before 1.9.1), 2212G (before 1.8), 3220 V3 (before 1.5.1), 3420 V3 (before 1.5.1), and 2311 (through 2022-01-31).

First published: Sun Feb 06 2022(Updated: )

Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Korenix Jetwave 2212s Firmware	<1.9.1
Korenix Jetwave 2212s
Korenix Jetwave 2212g Firmware	<1.8
Korenix Jetwave 2212g
Korenix Jetwave 2311 Firmware	<=1.2
Korenix Jetwave 2311
Korenix Jetwave 3220 Firmware	<1.5.1
Korenix Jetwave 3220	=3
Korenix Jetwave 3420 Firmware	<1.5.1
Korenix Jetwave 3420	=3
Korenix Jetwave 2212x Firmware	<1.9.1
Korenix Jetwave 2212x

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-39280?
CVE-2021-39280 is a vulnerability that allows authenticated users to execute arbitrary code as root on certain Korenix JetWave devices via /syscmd.asp.
Which Korenix JetWave devices are affected by CVE-2021-39280?
CVE-2021-39280 affects Korenix JetWave 2212X (before 1.9.1), 2212S (before 1.9.1), 2212G (before 1.8), 3220 V3 (before 1.5.1), 3420 V3 (before 1.5.1), and 2311 (through 2022-01-31).
How severe is CVE-2021-39280?
CVE-2021-39280 has a severity rating of 8.8 (critical).
How can I fix CVE-2021-39280?
To fix CVE-2021-39280, users should update their Korenix JetWave devices to the latest firmware versions: 2212X 1.9.1, 2212S 1.9.1, 2212G 1.8, 3220 V3 1.5.1, 3420 V3 1.5.1, and ensure that 2311 firmware is updated to a version released after January 31, 2022.
Where can I find more information about Korenix JetWave devices?
You can find more information about Korenix JetWave devices on the Korenix website.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/korenix
canonical/korenix jetwave 2212s firmware
canonical/korenix jetwave 2212s
canonical/korenix jetwave 2212g firmware
canonical/korenix jetwave 2212g
canonical/korenix jetwave 2311 firmware
version/korenix jetwave 2311 firmware/1.2
canonical/korenix jetwave 2311
canonical/korenix jetwave 3220 firmware
canonical/korenix jetwave 3220
version/korenix jetwave 3220/3
canonical/korenix jetwave 3420 firmware
canonical/korenix jetwave 3420
version/korenix jetwave 3420/3
canonical/korenix jetwave 2212x firmware
canonical/korenix jetwave 2212x

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.