Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HKorenix Jetwave 2212g
HWKorenixwszystkie wersjeKorenix Jetwave 2212g Firmware
OSKorenix< 1.8Korenix Jetwave 2212s
HWKorenixwszystkie wersjeKorenix Jetwave 2212s Firmware
OSKorenix< 1.9.1Korenix Jetwave 2212x
HWKorenixwszystkie wersjeKorenix Jetwave 2212x Firmware
OSKorenix< 1.9.1Korenix Jetwave 2311
HWKorenixwszystkie wersjeKorenix Jetwave 2311 Firmware
OSKorenix≤ 1.2Korenix Jetwave 3220
HWKorenix3Korenix Jetwave 3220 Firmware
OSKorenix< 1.5.1Korenix Jetwave 3420
HWKorenix3Korenix Jetwave 3420 Firmware
OSKorenix< 1.5.1
Related vulnerabilities
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attack...
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /gofor...
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...