Lucene search

[email protected]NVD:CVE-2023-23294

HistoryFeb 23, 2023 - 11:15 p.m.

CVE-2023-23294

2023-02-2323:15:10

CWE-77

[email protected]

web.nvd.nist.gov

korenix

jetwave

4200 series

3000 series

command injection

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

46.9%

JSON

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.

Affected configurations

Nvd

Node

korenixjetwave_2212g_firmwareMatch1.3.t

AND

korenixjetwave_2212gMatch-

Node

korenixjetwave_2212x_firmwareMatch1.3.0

AND

korenixjetwave_2212xMatch-

Node

korenixjetwave_2212s_firmwareMatch1.3.0

AND

korenixjetwave_2212sMatch-

Node

korenixjetwave_2211c_firmwareRange<1.6

AND

korenixjetwave_2211cMatch-

Node

korenixjetwave_2411_firmwareRange<1.5

AND

korenixjetwave_2411Match-

Node

korenixjetwave_2111Match-

AND

korenixjetwave_2111_firmwareRange<1.5

Node

korenixjetwave_2411lMatch-

AND

korenixjetwave_2411l_firmwareRange<1.6

Node

korenixjetwave_2111lMatch-

AND

korenixjetwave_2111l_firmwareRange<1.6

Node

korenixjetwave_2414Match-

AND

korenixjetwave_2414_firmwareRange<1.4

Node

korenixjetwave_2114Match-

AND

korenixjetwave_2114_firmwareRange<1.4

Node

korenixjetwave_2414Match-

AND

korenixjetwave_2424_firmwareRange<1.3

Node

korenixjetwave_2460Match-

AND

korenixjetwave_2460_firmwareRange<1.6

Node

korenixjetwave_4221hp-e__firmwareRange≤1.3.0

AND

korenixjetwave_4221hp-eMatch-

Node

korenixjetwave_3220_v3__firmwareRange<1.7

AND

korenixjetwave_3220_v3Match-

Node

korenixjetwave_3420_v3Match-

AND

korenixjetwave_3420_v3__firmwareRange<1.7

VendorProductVersionCPE
korenixjetwave_2212g_firmware1.3.tcpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:*:*:*:*:*:*:*
korenixjetwave_2212g-cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*
korenixjetwave_2212x_firmware1.3.0cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:*:*:*:*:*:*:*
korenixjetwave_2212x-cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*
korenixjetwave_2212s_firmware1.3.0cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:*:*:*:*:*:*:*
korenixjetwave_2212s-cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*
korenixjetwave_2211c_firmware*cpe:2.3:o:korenix:jetwave_2211c_firmware:*:*:*:*:*:*:*:*
korenixjetwave_2211c-cpe:2.3:h:korenix:jetwave_2211c:-:*:*:*:*:*:*:*
korenixjetwave_2411_firmware*cpe:2.3:o:korenix:jetwave_2411_firmware:*:*:*:*:*:*:*:*
korenixjetwave_2411-cpe:2.3:h:korenix:jetwave_2411:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
korenix	jetwave_2212g_firmware	1.3.t	cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:::::::*
korenix	jetwave_2212g	-	cpe:2.3:h:korenix:jetwave_2212g:-:::::::*
korenix	jetwave_2212x_firmware	1.3.0	cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:::::::*
korenix	jetwave_2212x	-	cpe:2.3:h:korenix:jetwave_2212x:-:::::::*
korenix	jetwave_2212s_firmware	1.3.0	cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:::::::*
korenix	jetwave_2212s	-	cpe:2.3:h:korenix:jetwave_2212s:-:::::::*
korenix	jetwave_2211c_firmware	*	cpe:2.3:o:korenix:jetwave_2211c_firmware::::::::
korenix	jetwave_2211c	-	cpe:2.3:h:korenix:jetwave_2211c:-:::::::*
korenix	jetwave_2411_firmware	*	cpe:2.3:o:korenix:jetwave_2411_firmware::::::::
korenix	jetwave_2411	-	cpe:2.3:h:korenix:jetwave_2411:-:::::::*

Rows per page:

1-10 of 291

References

cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

46.9%

JSON

Related for NVD:CVE-2023-23294

prion1 cvelist1 cve1 ics1