Vulnerability Details CVE-2023-23295
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-23295
-
cpe:2.3:h:korenix:jetwave_2111:-
-
cpe:2.3:h:korenix:jetwave_2111l:-
-
cpe:2.3:h:korenix:jetwave_2114:-
-
cpe:2.3:h:korenix:jetwave_2211c:-
-
cpe:2.3:h:korenix:jetwave_2212g:-
-
cpe:2.3:h:korenix:jetwave_2212s:-
-
cpe:2.3:h:korenix:jetwave_2212x:-
-
cpe:2.3:h:korenix:jetwave_2411:-
-
cpe:2.3:h:korenix:jetwave_2411l:-
-
cpe:2.3:h:korenix:jetwave_2414:-
-
cpe:2.3:h:korenix:jetwave_2460:-
-
cpe:2.3:h:korenix:jetwave_3220_v3:-
-
cpe:2.3:h:korenix:jetwave_3420_v3:-
-
cpe:2.3:h:korenix:jetwave_4221hp-e:-
-
cpe:2.3:o:korenix:jetwave_2111_firmware:*
-
cpe:2.3:o:korenix:jetwave_2111l_firmware:*
-
cpe:2.3:o:korenix:jetwave_2114_firmware:*
-
cpe:2.3:o:korenix:jetwave_2211c_firmware:*
-
cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t
-
cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0
-
cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0
-
cpe:2.3:o:korenix:jetwave_2411_firmware:*
-
cpe:2.3:o:korenix:jetwave_2411l_firmware:*
-
cpe:2.3:o:korenix:jetwave_2414_firmware:*
-
cpe:2.3:o:korenix:jetwave_2424_firmware:*
-
cpe:2.3:o:korenix:jetwave_2460_firmware:*
-
cpe:2.3:o:korenix:jetwave_3220_v3__firmware:*
-
cpe:2.3:o:korenix:jetwave_3420_v3__firmware:*
-
cpe:2.3:o:korenix:jetwave_4221hp-e__firmware:*