CVE-2023-23296
Published 2023-02-23
CVE-2023-23296: Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
Priority P4 28 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.80% (51.9th percentile)
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| korenix | jetwave_2111_firmware | < 1.5 | 1.5 |
| korenix | jetwave_2111l_firmware | < 1.6 | 1.6 |
| korenix | jetwave_2114_firmware | < 1.4 | 1.4 |
| korenix | jetwave_2211c_firmware | < 1.6 | 1.6 |
| korenix | jetwave_2212g_firmware | — | — |
| korenix | jetwave_2212s_firmware | — | — |
| korenix | jetwave_2212x_firmware | — | — |
| korenix | jetwave_2411_firmware | < 1.5 | 1.5 |
| korenix | jetwave_2411l_firmware | < 1.6 | 1.6 |
| korenix | jetwave_2414_firmware | < 1.4 | 1.4 |
| korenix | jetwave_2424_firmware | < 1.3 | 1.3 |
| korenix | jetwave_2460_firmware | < 1.6 | 1.6 |
| korenix | jetwave_3220_v3_firmware | < 1.7 | 1.7 |
| korenix | jetwave_3420_v3_firmware | < 1.7 | 1.7 |
| korenix | jetwave_4221hp-e_firmware | <= 1.3.0 | — |
GHSA
GHSA-3c7c-p4m9-gwhc: Korenix JetWave 4200 Series 1
ghsa_unreviewed·2023-02-24
CVE-2023-23296 [MEDIUM] CWE-400 GHSA-3c7c-p4m9-gwhc: Korenix JetWave 4200 Series 1
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
CISA ICS
Korenix Jetwave
cisa_ics·2023-04-06·CVSS 8.8
[HIGH] Korenix Jetwave
ICS Advisory
## Korenix Jetwave
Release Date: April 06, 2023
Alert Code: ICSA-23-096-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Korenix
- Equipment: Jetwave
- Vulnerabilities: Command Injection, Uncontrolled Resource Consumption
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Korenix Jetwave are affected:
- Korenix JetWave4221 HP-E versions V1.3.0 and prior
- Korenix JetWave 3220/3420 V3 versions prior to V1.7
- Korenix JetWave 2212G version V1.3.T
- Korenix JetWa
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-02-23
Published