First published: Sun Feb 06 2022
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Korenix JetWave 2212S Firmware | <1.9.1 | |
Korenix JetWave 2212S | | |
Korenix JetWave 2212G Firmware | <1.8 | |
Korenix JetWave 2212G | | |
Korenix JetWave 2311 Firmware | <=1.2 | |
Korenix JetWave 2311 | | |
Korenix JetWave 3220 Firmware | <1.5.1 | |
Korenix JetWave 3220 | =3 | |
Korenix JetWave 3420 Firmware | <1.5.1 | |
Korenix JetWave 3420 | =3 | |
Korenix JetWave 2212X Firmware | <1.9.1 | |
Korenix JetWave 2212X | | |
CVE-2021-39280 is a vulnerability that allows authenticated users to execute arbitrary code as root on certain Korenix JetWave devices via /syscmd.asp.
CVE-2021-39280 affects Korenix JetWave 2212X (before 1.9.1), 2212S (before 1.9.1), 2212G (before 1.8), 3220 V3 (before 1.5.1), 3420 V3 (before 1.5.1), and 2311 (through 2022-01-31).
CVE-2021-39280 has a severity rating of 8.8 (critical).
To fix CVE-2021-39280, users should update their Korenix JetWave devices to the latest firmware versions: 2212X 1.9.1, 2212S 1.9.1, 2212G 1.8, 3220 V3 1.5.1, 3420 V3 1.5.1, and ensure that 2311 firmware is updated to a version released after January 31, 2022.
You can find more information about Korenix JetWave devices on the Korenix website.