high
8.8
CWE
77
Advisory Published
Updated

CVE-2023-23295: Command Injection

First published: Thu Feb 23 2023(Updated: )

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Korenix Jetwave 2212g Firmware=1.3.t
Korenix Jetwave 2212g
Korenix Jetwave 2212x Firmware=1.3.0
Korenix Jetwave 2212x
Korenix Jetwave 2212s Firmware=1.3.0
Korenix Jetwave 2212s
Korenix Jetwave 2211c Firmware<1.6
Korenix Jetwave 2211c
Korenix Jetwave 2411 Firmware<1.5
Korenix Jetwave 2411
Korenix Jetwave 2111 Firmware<1.5
Korenix Jetwave 2111
Korenix Jetwave 2411l Firmware<1.6
Korenix Jetwave 2411l
Korenix Jetwave 2111l Firmware<1.6
Korenix Jetwave 2111l
Korenix Jetwave 2414 Firmware<1.4
Korenix Jetwave 2414
Korenix Jetwave 2114 Firmware<1.4
Korenix Jetwave 2114
Korenix Jetwave 2424 Firmware<1.3
Korenix Jetwave 2460 Firmware<1.6
Korenix Jetwave 2460
Korenix Jetwave 4221hp-e Firmware<=1.3.0
Korenix Jetwave 4221hp-e
Korenix Jetwave 3220 V3 Firmware<1.7
Korenix Jetwave 3220 V3
Korenix Jetwave 3420 V3 Firmware<1.7
Korenix Jetwave 3420 V3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID?

    The vulnerability ID is CVE-2023-23295.

  • What is the severity of CVE-2023-23295?

    The severity of CVE-2023-23295 is high (8.8 out of 10).

  • Which software versions are affected by CVE-2023-23295?

    Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are affected by CVE-2023-23295.

  • How does CVE-2023-23295 work?

    An attacker can modify the sysCmd parameter in /goform/formSysCmd to execute commands as root, allowing command injection.

  • Is Korenix Jetwave 2212g firmware 1.3.t vulnerable to CVE-2023-23295?

    Yes, Korenix Jetwave 2212g firmware 1.3.t is vulnerable to CVE-2023-23295.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203