CVE-2023-23295
CVE-2023-23295 affects Korenix JetWave 4200 Series (1.3.0) and JetWave 3000 Series (1.6.0). The flaw is command injection via the /goform/formSysCmd endpoint, where an attacker can modify the sysCmd parameter to execute commands as root. CVSS v3.1 base score 8.8 (Network attack, Low privileges, H...