Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.

Published

2023-02-23T23:15:10.947

Last Modified

2025-03-17T19:15:18.787

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-77
  • Type: Secondary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System korenix jetwave_2212g_firmware 1.3.t Yes
Hardware korenix jetwave_2212g - No
Operating System korenix jetwave_2212x_firmware 1.3.0 Yes
Hardware korenix jetwave_2212x - No
Operating System korenix jetwave_2212s_firmware 1.3.0 Yes
Hardware korenix jetwave_2212s - No
Operating System korenix jetwave_2211c_firmware < 1.6 Yes
Hardware korenix jetwave_2211c - No
Operating System korenix jetwave_2411_firmware < 1.5 Yes
Hardware korenix jetwave_2411 - No
Operating System korenix jetwave_2111_firmware < 1.5 Yes
Hardware korenix jetwave_2111 - No
Operating System korenix jetwave_2411l_firmware < 1.6 Yes
Hardware korenix jetwave_2411l - No
Operating System korenix jetwave_2111l_firmware < 1.6 Yes
Hardware korenix jetwave_2111l - No
Operating System korenix jetwave_2414_firmware < 1.4 Yes
Hardware korenix jetwave_2414 - No
Operating System korenix jetwave_2114_firmware < 1.4 Yes
Hardware korenix jetwave_2114 - No
Operating System korenix jetwave_2424_firmware < 1.3 Yes
Hardware korenix jetwave_2414 - No
Operating System korenix jetwave_2460_firmware < 1.6 Yes
Hardware korenix jetwave_2460 - No
Operating System korenix jetwave_4221hp-e__firmware ≤ 1.3.0 Yes
Hardware korenix jetwave_4221hp-e - No
Operating System korenix jetwave_3220_v3__firmware < 1.7 Yes
Hardware korenix jetwave_3220_v3 - No
Operating System korenix jetwave_3420_v3__firmware < 1.7 Yes
Hardware korenix jetwave_3420_v3 - No
References