CVE-2023-23295 — HIGH (8.8)

Q: How severe is CVE-2023-23295?

CVE-2023-23295 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-23295?

Check the references section above for vendor advisories and patch information. Affected products include: Korenix Jetwave 2212G Firmware, Korenix Jetwave 2212G, Korenix Jetwave 2212X Firmware, Korenix Jetwave 2212X, Korenix Jetwave 2212S Firmware.

Vulnerability Description

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Korenix	Jetwave 2212G Firmware	1.3.t
Korenix	Jetwave 2212G	-
Korenix	Jetwave 2212X Firmware	1.3.0
Korenix	Jetwave 2212X	-
Korenix	Jetwave 2212S Firmware	1.3.0
Korenix	Jetwave 2212S	-
Korenix	Jetwave 2211C Firmware	< 1.6
Korenix	Jetwave 2211C	-
Korenix	Jetwave 2411 Firmware	< 1.5
Korenix	Jetwave 2411	-
Korenix	Jetwave 2111 Firmware	< 1.5
Korenix	Jetwave 2111	-
Korenix	Jetwave 2411L Firmware	< 1.6
Korenix	Jetwave 2411L	-
Korenix	Jetwave 2111L Firmware	< 1.6
Korenix	Jetwave 2111L	-
Korenix	Jetwave 2414 Firmware	< 1.4
Korenix	Jetwave 2414	-
Korenix	Jetwave 2114 Firmware	< 1.4
Korenix	Jetwave 2114	-

Related Weaknesses (CWE)

CWE-77

References

https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-seriesExploitThird Party Advisory
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-seriesExploitThird Party Advisory

FAQ

What is CVE-2023-23295?

CVE-2023-23295 is a vulnerability with a CVSS score of 8.8 (HIGH). Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as r...

How severe is CVE-2023-23295?

CVE-2023-23295 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-23295?

Check the references section above for vendor advisories and patch information. Affected products include: Korenix Jetwave 2212G Firmware, Korenix Jetwave 2212G, Korenix Jetwave 2212X Firmware, Korenix Jetwave 2212X, Korenix Jetwave 2212S Firmware.