Vulnerability Description
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Korenix | Jetwave 2212S Firmware | < 1.9.1 |
| Korenix | Jetwave 2212S | - |
| Korenix | Jetwave 2212G Firmware | < 1.8 |
| Korenix | Jetwave 2212G | - |
| Korenix | Jetwave 2311 Firmware | <= 1.2 |
| Korenix | Jetwave 2311 | - |
| Korenix | Jetwave 3220 Firmware | < 1.5.1 |
| Korenix | Jetwave 3220 | 3 |
| Korenix | Jetwave 3420 Firmware | < 1.5.1 |
| Korenix | Jetwave 3420 | 3 |
| Korenix | Jetwave 2212X Firmware | < 1.9.1 |
| Korenix | Jetwave 2212X | - |
References
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Comm (Third Party Advisory, VDB Entry)
- https://www.korenix.com/en/product/search.aspx?kw=JetWave (Product, Vendor Advisory)
FAQ
What is CVE-2021-39280?
CVE-2021-39280 is a vulnerability with a CVSS score of 8.8 (HIGH). Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1...
How severe is CVE-2021-39280?
CVE-2021-39280 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-39280?
Check the references section above for vendor advisories and patch information. Affected products include: Korenix Jetwave 2212S Firmware, Korenix Jetwave 2212S, Korenix Jetwave 2212G Firmware, Korenix Jetwave 2212G, Korenix Jetwave 2311 Firmware.