Advisory Published
Updated

CVE-2021-39280

First published: Sun Feb 06 2022(Updated: )

Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Korenix Jetwave 2212s Firmware<1.9.1
Korenix Jetwave 2212s
Korenix Jetwave 2212g Firmware<1.8
Korenix Jetwave 2212g
Korenix Jetwave 2311 Firmware<=1.2
Korenix Jetwave 2311
Korenix Jetwave 3220 Firmware<1.5.1
Korenix Jetwave 3220=3
Korenix Jetwave 3420 Firmware<1.5.1
Korenix Jetwave 3420=3
Korenix Jetwave 2212x Firmware<1.9.1
Korenix Jetwave 2212x

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2021-39280?

    CVE-2021-39280 is a vulnerability that allows authenticated users to execute arbitrary code as root on certain Korenix JetWave devices via /syscmd.asp.

  • Which Korenix JetWave devices are affected by CVE-2021-39280?

    CVE-2021-39280 affects Korenix JetWave 2212X (before 1.9.1), 2212S (before 1.9.1), 2212G (before 1.8), 3220 V3 (before 1.5.1), 3420 V3 (before 1.5.1), and 2311 (through 2022-01-31).

  • How severe is CVE-2021-39280?

    CVE-2021-39280 has a severity rating of 8.8 (critical).

  • How can I fix CVE-2021-39280?

    To fix CVE-2021-39280, users should update their Korenix JetWave devices to the latest firmware versions: 2212X 1.9.1, 2212S 1.9.1, 2212G 1.8, 3220 V3 1.5.1, 3420 V3 1.5.1, and ensure that 2311 firmware is updated to a version released after January 31, 2022.

  • Where can I find more information about Korenix JetWave devices?

    You can find more information about Korenix JetWave devices on the Korenix website.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203