cbcvebase.
CVE-2023-23295
published 2023-02-23

CVE-2023-23295: Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd…

PriorityP180high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
3.83%
88.8th percentile
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.

Affected

15 ranges
VendorProductVersion rangeFixed in
korenixjetwave_2111_firmware< 1.51.5
korenixjetwave_2111l_firmware< 1.61.6
korenixjetwave_2114_firmware< 1.41.4
korenixjetwave_2211c_firmware< 1.61.6
korenixjetwave_2212g_firmware
korenixjetwave_2212s_firmware
korenixjetwave_2212x_firmware
korenixjetwave_2411_firmware< 1.51.5
korenixjetwave_2411l_firmware< 1.61.6
korenixjetwave_2414_firmware< 1.41.4
korenixjetwave_2424_firmware< 1.31.3
korenixjetwave_2460_firmware< 1.61.6
korenixjetwave_3220_v3_firmware< 1.71.7
korenixjetwave_3420_v3_firmware< 1.71.7
korenixjetwave_4221hp-e_firmware<= 1.3.0

Detection & IOCsextracted from sources · hover to see the quote

path/goform/formSysCmd
  • Monitor POST requests targeting /goform/formSysCmd for manipulation of the sysCmd parameter, which can be used to execute arbitrary commands as root.
  • ·Exploitation requires low-privilege authenticated access (PR:L); monitor for unexpected or unauthorized logins to Korenix JetWave management interfaces prior to exploitation attempts.
  • ·No known public exploits specifically target this vulnerability at time of advisory publication.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.