CVE-2023-23295

CVSS V2 None CVSS V3 None
Description
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
Overview
  • CVE ID
  • CVE-2023-23295
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-23T23:15:10
  • Last Modified Date
  • 2023-03-06T18:44:02
Weakness Enumerations
CWE URL
CWE-77 http://cwe.mitre.org/data/definitions/77.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2211c_firmware:*:*:*:*:*:*:*:* 1 OR 1.6
cpe:2.3:h:korenix:jetwave_2211c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2411_firmware:*:*:*:*:*:*:*:* 1 OR 1.5
cpe:2.3:h:korenix:jetwave_2411:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2111_firmware:*:*:*:*:*:*:*:* 1 OR 1.5
cpe:2.3:h:korenix:jetwave_2111:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2411l_firmware:*:*:*:*:*:*:*:* 1 OR 1.6
cpe:2.3:h:korenix:jetwave_2411l:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2111l_firmware:*:*:*:*:*:*:*:* 1 OR 1.6
cpe:2.3:h:korenix:jetwave_2111l:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2414_firmware:*:*:*:*:*:*:*:* 1 OR 1.4
cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2114_firmware:*:*:*:*:*:*:*:* 1 OR 1.4
cpe:2.3:h:korenix:jetwave_2114:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2424_firmware:*:*:*:*:*:*:*:* 1 OR 1.3
cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_2460_firmware:*:*:*:*:*:*:*:* 1 OR 1.6
cpe:2.3:h:korenix:jetwave_2460:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_4221hp-e__firmware:*:*:*:*:*:*:*:* 1 OR 1.3.0
cpe:2.3:h:korenix:jetwave_4221hp-e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_3220_v3__firmware:*:*:*:*:*:*:*:* 1 OR 1.7
cpe:2.3:h:korenix:jetwave_3220_v3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:korenix:jetwave_3420_v3__firmware:*:*:*:*:*:*:*:* 1 OR 1.7
cpe:2.3:h:korenix:jetwave_3420_v3:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/ Exploit Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-23295
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23295
History
Created Old Value New Value Data Type Notes
2023-04-17 05:24:11 Added to TrackCVE
2023-04-17 05:24:13 Weakness Enumeration new