CVE-2023-23294: Command Injection
First published: Thu Feb 23 2023(Updated: )
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Korenix Jetwave 2212g Firmware | =1.3.t | |
| Korenix Jetwave 2212g | ||
| Korenix Jetwave 2212x Firmware | =1.3.0 | |
| Korenix Jetwave 2212x | ||
| Korenix Jetwave 2212s Firmware | =1.3.0 | |
| Korenix Jetwave 2212s | ||
| Korenix Jetwave 2211c Firmware | <1.6 | |
| Korenix Jetwave 2211c | ||
| Korenix Jetwave 2411 Firmware | <1.5 | |
| Korenix Jetwave 2411 | ||
| Korenix Jetwave 2111 Firmware | <1.5 | |
| Korenix Jetwave 2111 | ||
| Korenix Jetwave 2411l Firmware | <1.6 | |
| Korenix Jetwave 2411l | ||
| Korenix Jetwave 2111l Firmware | <1.6 | |
| Korenix Jetwave 2111l | ||
| Korenix Jetwave 2414 Firmware | <1.4 | |
| Korenix Jetwave 2414 | ||
| Korenix Jetwave 2114 Firmware | <1.4 | |
| Korenix Jetwave 2114 | ||
| Korenix Jetwave 2424 Firmware | <1.3 | |
| Korenix Jetwave 2460 Firmware | <1.6 | |
| Korenix Jetwave 2460 | ||
| Korenix Jetwave 4221hp-e Firmware | <=1.3.0 | |
| Korenix Jetwave 4221hp-e | ||
| Korenix Jetwave 3220 V3 Firmware | <1.7 | |
| Korenix Jetwave 3220 V3 | ||
| Korenix Jetwave 3420 V3 Firmware | <1.7 | |
| Korenix Jetwave 3420 V3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-23294.
What is the severity of CVE-2023-23294?
The severity of CVE-2023-23294 is high with a score of 8.8.
What software versions are affected by CVE-2023-23294?
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are affected by CVE-2023-23294.
How can an attacker exploit CVE-2023-23294?
An attacker can exploit CVE-2023-23294 by modifying the file_name parameter to execute commands as root.
Is Korenix Jetwave 2212g vulnerable to CVE-2023-23294?
No, Korenix Jetwave 2212g is not vulnerable to CVE-2023-23294.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/korenix
- canonical/korenix jetwave 2212g firmware
- version/korenix jetwave 2212g firmware/1.3.t
- canonical/korenix jetwave 2212g
- canonical/korenix jetwave 2212x firmware
- version/korenix jetwave 2212x firmware/1.3.0
- canonical/korenix jetwave 2212x
- canonical/korenix jetwave 2212s firmware
- version/korenix jetwave 2212s firmware/1.3.0
- canonical/korenix jetwave 2212s
- canonical/korenix jetwave 2211c firmware
- canonical/korenix jetwave 2211c
- canonical/korenix jetwave 2411 firmware
- canonical/korenix jetwave 2411
- canonical/korenix jetwave 2111 firmware
- canonical/korenix jetwave 2111
- canonical/korenix jetwave 2411l firmware
- canonical/korenix jetwave 2411l
- canonical/korenix jetwave 2111l firmware
- canonical/korenix jetwave 2111l
- canonical/korenix jetwave 2414 firmware
- canonical/korenix jetwave 2414
- canonical/korenix jetwave 2114 firmware
- canonical/korenix jetwave 2114
- canonical/korenix jetwave 2424 firmware
- canonical/korenix jetwave 2460 firmware
- canonical/korenix jetwave 2460
- canonical/korenix jetwave 4221hp-e firmware
- version/korenix jetwave 4221hp-e firmware/1.3.0
- canonical/korenix jetwave 4221hp-e
- canonical/korenix jetwave 3220 v3 firmware
- canonical/korenix jetwave 3220 v3
- canonical/korenix jetwave 3420 v3 firmware
- canonical/korenix jetwave 3420 v3