cbcvebase.
CVE-2023-23294
published 2023-02-23

CVE-2023-23294: Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute…

PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.69%
84.0th percentile
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.

Affected

15 ranges
VendorProductVersion rangeFixed in
korenixjetwave_2111_firmware< 1.51.5
korenixjetwave_2111l_firmware< 1.61.6
korenixjetwave_2114_firmware< 1.41.4
korenixjetwave_2211c_firmware< 1.61.6
korenixjetwave_2212g_firmware
korenixjetwave_2212s_firmware
korenixjetwave_2212x_firmware
korenixjetwave_2411_firmware< 1.51.5
korenixjetwave_2411l_firmware< 1.61.6
korenixjetwave_2414_firmware< 1.41.4
korenixjetwave_2424_firmware< 1.31.3
korenixjetwave_2460_firmware< 1.61.6
korenixjetwave_3220_v3_firmware< 1.71.7
korenixjetwave_3420_v3_firmware< 1.71.7
korenixjetwave_4221hp-e_firmware<= 1.3.0

Detection & IOCsextracted from sources · hover to see the quote

path/goform/formSysCmd
  • Monitor for HTTP requests targeting the file_name parameter on Korenix JetWave devices; injection of shell metacharacters into this parameter enables root command execution.
  • Monitor for POST requests to /goform/formSysCmd on Korenix JetWave devices; manipulation of the sysCmd parameter is the attack vector for a related root command injection (CVE-2023-23295).
  • Monitor for POST requests to /goform/formDefault on Korenix JetWave devices; this endpoint can be abused to crash the web service (CVE-2023-23296).
  • ·CVE-2023-23294 requires low-privilege authenticated access (PR:L); exploitation is not possible without valid credentials, but the attack is remotely exploitable with low complexity.
  • ·No known public exploits specifically target these vulnerabilities at time of advisory publication.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.