Vulnerabilites related to korenix - jetwave_2212g_firmware
CVE-2020-12504 (GCVE-0-2020-12504)
Vulnerability from cvelistv5
Published
2020-10-15 18:42
Modified
2024-09-16 17:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
References
Impacted products
Vendor Product Version
Pepperl+Fuchs P+F Comtrol RocketLinx Version: ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Version: ES7510-XT   < 2.1.1
Version: ES8510   < 3.1.1
 Create a notification for this product.
   Pepperl+Fuchs P+F Comtrol RocketLinx Version: ICRL-M-8RJ45/4SFP-G-DIN   <
Version: ICRL-M-16RJ45/4CP-G-DIN   <
Create a notification for this product.
   Korenix JetNet Version: 5428G-20SFP   <
Version: 5810G   <
Version: 4706F   <
Version: 4510   <
Version: 5310   < V1.6
 Create a notification for this product.
   Westermo PMI-110-F2G Version: unspecified   < V1.8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
          },
          {
            "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "status": "affected",
              "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
            },
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "ES7510-XT",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "ES8510",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-8RJ45/4SFP-G-DIN",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-16RJ45/4CP-G-DIN",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "JetNet",
          "vendor": "Korenix",
          "versions": [
            {
              "lessThanOrEqual": "V1.0",
              "status": "affected",
              "version": "5428G-20SFP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.1",
              "status": "affected",
              "version": "5810G",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V2.3b",
              "status": "affected",
              "version": "4706F",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V3.0b",
              "status": "affected",
              "version": "4510",
              "versionType": "custom"
            },
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "5310",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PMI-110-F2G",
          "vendor": "Westermo",
          "versions": [
            {
              "lessThan": "V1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T. Weber (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-04T19:06:15",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
        },
        {
          "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For ICRL-M-8RJ45/4SFP-G-DIN and ICRL-M-16RJ45/4CP-G-DIN:\nUpdate to Firmware 1.3.1 and deactivate TFTP-Service.\n\nFor all other devices:\nAn external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
        }
      ],
      "source": {
        "advisory": "VDE-2020-040",
        "discovery": "EXTERNAL"
      },
      "title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
          "ID": "CVE-2020-12504",
          "STATE": "PUBLIC",
          "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES7510-XT",
                            "version_value": "2.1.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES8510",
                            "version_value": "3.1.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
                            "version_value": "1.2.3"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-16RJ45/4CP-G-DIN",
                            "version_value": "1.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JetNet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5428G-20SFP",
                            "version_value": "V1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5810G",
                            "version_value": "V1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4706F",
                            "version_value": "V2.3b"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4510",
                            "version_value": "V3.0b"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5310",
                            "version_value": "V1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Korenix"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PMI-110-F2G",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Westermo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T. Weber (SEC Consult Vulnerability Lab)"
          },
          {
            "lang": "eng",
            "value": "Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-912 Hidden Functionality"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
            },
            {
              "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
              "refsource": "CONFIRM",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For ICRL-M-8RJ45/4SFP-G-DIN and ICRL-M-16RJ45/4CP-G-DIN:\nUpdate to Firmware 1.3.1 and deactivate TFTP-Service.\n\nFor all other devices:\nAn external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
          }
        ],
        "source": {
          "advisory": "VDE-2020-040",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12504",
    "datePublished": "2020-10-15T18:42:59.041481Z",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-09-16T17:09:09.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12503 (GCVE-0-2020-12503)
Vulnerability from cvelistv5
Published
2020-10-15 18:42
Modified
2024-09-17 04:24
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-863 - Incorrect Authorization
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
References
Impacted products
Vendor Product Version
Pepperl+Fuchs P+F Comtrol RocketLinx Version: ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Version: ES7510-XT   < 2.1.1
Version: ES8510   < 3.1.1
 Create a notification for this product.
   Pepperl+Fuchs P+F Comtrol RocketLinx Version: ICRL-M-8RJ45/4SFP-G-DIN   <
Version: ICRL-M-16RJ45/4CP-G-DIN   <
Create a notification for this product.
   Korenix JetNet Version: 5428G-20SFP   <
Version: 5810G   <
Version: 4706F   <
Version: 4510   <
Version: 5310   < V1.6
 Create a notification for this product.
   Westermo PMI-110-F2G Version: unspecified   < V1.8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
          },
          {
            "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "status": "affected",
              "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
            },
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "ES7510-XT",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "ES8510",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-8RJ45/4SFP-G-DIN",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-16RJ45/4CP-G-DIN",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "JetNet",
          "vendor": "Korenix",
          "versions": [
            {
              "lessThanOrEqual": "V1.0",
              "status": "affected",
              "version": "5428G-20SFP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.1",
              "status": "affected",
              "version": "5810G",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V2.3b",
              "status": "affected",
              "version": "4706F",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V3.0b",
              "status": "affected",
              "version": "4510",
              "versionType": "custom"
            },
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "5310",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PMI-110-F2G",
          "vendor": "Westermo",
          "versions": [
            {
              "lessThan": "V1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T. Weber (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-04T19:06:09",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
        },
        {
          "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
        }
      ],
      "source": {
        "advisory": "VDE-2020-040",
        "discovery": "EXTERNAL"
      },
      "title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
          "ID": "CVE-2020-12503",
          "STATE": "PUBLIC",
          "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES7510-XT",
                            "version_value": "2.1.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES8510",
                            "version_value": "3.1.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
                            "version_value": "1.2.3"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-16RJ45/4CP-G-DIN",
                            "version_value": "1.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JetNet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5428G-20SFP",
                            "version_value": "V1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5810G",
                            "version_value": "V1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4706F",
                            "version_value": "V2.3b"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4510",
                            "version_value": "V3.0b"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5310",
                            "version_value": "V1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Korenix"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PMI-110-F2G",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Westermo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T. Weber (SEC Consult Vulnerability Lab)"
          },
          {
            "lang": "eng",
            "value": "Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863 Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
            },
            {
              "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
              "refsource": "CONFIRM",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
          }
        ],
        "source": {
          "advisory": "VDE-2020-040",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12503",
    "datePublished": "2020-10-15T18:42:58.016798Z",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-09-17T04:24:41.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39280 (GCVE-0-2021-39280)
Vulnerability from cvelistv5
Published
2022-02-06 20:47
Modified
2024-08-04 02:06
Severity ?
CWE
  • n/a
Summary
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:06:40.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.korenix.com/en/product/search.aspx?kw=JetWave"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-06T20:47:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.korenix.com/en/product/search.aspx?kw=JetWave"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-39280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.korenix.com/en/product/search.aspx?kw=JetWave",
              "refsource": "MISC",
              "url": "https://www.korenix.com/en/product/search.aspx?kw=JetWave"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-39280",
    "datePublished": "2022-02-06T20:47:37",
    "dateReserved": "2021-08-18T00:00:00",
    "dateUpdated": "2024-08-04T02:06:40.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23295 (GCVE-0-2023-23295)
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2025-03-17 18:30
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T14:28:31.885426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T18:30:19.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-23T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-23295",
    "datePublished": "2023-02-23T00:00:00.000Z",
    "dateReserved": "2023-01-11T00:00:00.000Z",
    "dateUpdated": "2025-03-17T18:30:19.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23296 (GCVE-0-2023-23296)
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2025-03-17 18:30
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • n/a
Summary
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T14:27:03.409428Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T18:30:48.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-23T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-23296",
    "datePublished": "2023-02-23T00:00:00.000Z",
    "dateReserved": "2023-01-11T00:00:00.000Z",
    "dateUpdated": "2025-03-17T18:30:48.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12501 (GCVE-0-2020-12501)
Vulnerability from cvelistv5
Published
2020-10-15 18:42
Modified
2024-09-16 19:20
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-798 - Use of Hard-coded Credentials
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
References
Impacted products
Vendor Product Version
Pepperl+Fuchs P+F Comtrol RocketLinx Version: ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Version: ES7510-XT   < 2.1.1
Version: ES8510   < 3.1.1
 Create a notification for this product.
   Korenix JetNet Version: 5428G-20SFP   <
Version: 5810G   <
Version: 4706F   <
Version: 4510   <
Version: 5310   < V1.6
 Create a notification for this product.
   Westermo PMI-110-F2G Version: unspecified   < V1.8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
          },
          {
            "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          },
          {
            "name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "status": "affected",
              "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
            },
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "ES7510-XT",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "ES8510",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "JetNet",
          "vendor": "Korenix",
          "versions": [
            {
              "lessThanOrEqual": "V1.0",
              "status": "affected",
              "version": "5428G-20SFP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.1",
              "status": "affected",
              "version": "5810G",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V2.3b",
              "status": "affected",
              "version": "4706F",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V3.0b",
              "status": "affected",
              "version": "4510",
              "versionType": "custom"
            },
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "5310",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PMI-110-F2G",
          "vendor": "Westermo",
          "versions": [
            {
              "lessThan": "V1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T. Weber (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:06:23",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
        },
        {
          "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        },
        {
          "name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
        }
      ],
      "source": {
        "advisory": "VDE-2020-040",
        "discovery": "EXTERNAL"
      },
      "title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
          "ID": "CVE-2020-12501",
          "STATE": "PUBLIC",
          "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES7510-XT",
                            "version_value": "2.1.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES8510",
                            "version_value": "3.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JetNet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5428G-20SFP",
                            "version_value": "V1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5810G",
                            "version_value": "V1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4706F",
                            "version_value": "V2.3b"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4510",
                            "version_value": "V3.0b"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5310",
                            "version_value": "V1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Korenix"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PMI-110-F2G",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Westermo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T. Weber (SEC Consult Vulnerability Lab)"
          },
          {
            "lang": "eng",
            "value": "Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
            },
            {
              "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
              "refsource": "CONFIRM",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
            },
            {
              "name": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
          }
        ],
        "source": {
          "advisory": "VDE-2020-040",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12501",
    "datePublished": "2020-10-15T18:42:56.306067Z",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-09-16T19:20:40.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23294 (GCVE-0-2023-23294)
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2025-03-12 14:29
Severity ?
CWE
  • n/a
Summary
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T14:29:42.671366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T14:29:59.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-23T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-23294",
    "datePublished": "2023-02-23T00:00:00.000Z",
    "dateReserved": "2023-01-11T00:00:00.000Z",
    "dateUpdated": "2025-03-12T14:29:59.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2023-02-23 23:15
Modified
2025-03-17 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
References
cve@mitre.orghttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
korenix jetwave_2212g_firmware 1.3.t
korenix jetwave_2212g -
korenix jetwave_2212x_firmware 1.3.0
korenix jetwave_2212x -
korenix jetwave_2212s_firmware 1.3.0
korenix jetwave_2212s -
korenix jetwave_2211c_firmware *
korenix jetwave_2211c -
korenix jetwave_2411_firmware *
korenix jetwave_2411 -
korenix jetwave_2111_firmware *
korenix jetwave_2111 -
korenix jetwave_2411l_firmware *
korenix jetwave_2411l -
korenix jetwave_2111l_firmware *
korenix jetwave_2111l -
korenix jetwave_2414_firmware *
korenix jetwave_2414 -
korenix jetwave_2114_firmware *
korenix jetwave_2114 -
korenix jetwave_2424_firmware *
korenix jetwave_2414 -
korenix jetwave_2460_firmware *
korenix jetwave_2460 -
korenix jetwave_4221hp-e__firmware *
korenix jetwave_4221hp-e -
korenix jetwave_3220_v3__firmware *
korenix jetwave_3220_v3 -
korenix jetwave_3420_v3__firmware *
korenix jetwave_3420_v3 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75D969F-7446-4A9D-A1AC-435B26A1A466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CF79B1-A8F9-4A3E-998A-8A7440659560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF0A74A-7F26-4F01-83E9-02F49167919D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DB499F-F9EB-457F-9FFA-AAB262C503B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D43809D-7E10-4BF8-A2F6-C2CDAE7300AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22491473-357B-4E88-9006-6688DCA38D67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2211c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491724C-2AF4-4044-8ED7-7719FA27C7A7",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2211c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB47A49D-E233-4DC0-BBB6-16AA737B3897",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2411_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9241317A-63E6-490D-99DF-65AD99A9A0AD",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2411:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D421BE-1FFA-41C2-8A44-9EA6114F420F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2111_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFACC84-6465-4F7A-B9DC-977754365D46",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2111:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FDFF00-FF95-4B37-92AF-2468075C8434",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2411l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBF38C26-8E92-4BE0-BD18-95F87FBF501A",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2411l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4310805B-4D4E-4635-899B-796494B1309A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2111l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3502DF-35D5-46F5-AF62-D852815FF2FF",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2111l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E10C3AD-4A59-4EAF-B7E5-4A5F0DC96C30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2414_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B04DBC-6BB0-465D-A977-0D25F9421F76",
              "versionEndExcluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D6F8F8-4872-4AF4-966F-FC6EB0D98154",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2114_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31641276-2563-4D16-912D-0128BD0A9842",
              "versionEndExcluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2114:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCEDECC8-2A8E-4DEB-BAEC-F4B66CAFE672",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2424_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BB504F-E8F0-44B8-B458-B1E04F67D05E",
              "versionEndExcluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D6F8F8-4872-4AF4-966F-FC6EB0D98154",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2460_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E947CE3-FF1D-40C7-8A34-0020E2D3FA75",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2460:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8EAD94-829D-4BE6-B725-598CD0D803E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_4221hp-e__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B834DDE-9459-4053-87E5-63EF23B9139A",
              "versionEndIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_4221hp-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C8BF4A-24BE-495E-A065-82941602C703",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3220_v3__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD8890-959C-4FDA-934F-00750C93E653",
              "versionEndExcluding": "1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3220_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F983F121-0CCD-4D33-9A4C-70D6ED452546",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3420_v3__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3D6BCF-37F3-49C8-9E9E-CF3E914B3C23",
              "versionEndExcluding": "1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3420_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CFF07AD-FDC3-492A-BDF4-CE4C510AF664",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault."
    }
  ],
  "id": "CVE-2023-23296",
  "lastModified": "2025-03-17T19:15:19.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-23T23:15:11.007",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-15 19:15
Modified
2024-11-21 04:59
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
References
info@cert.vde.comhttp://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
info@cert.vde.comhttp://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
info@cert.vde.comhttp://seclists.org/fulldisclosure/2021/Jun/0Mailing List, Third Party Advisory
info@cert.vde.comhttps://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
info@cert.vde.comhttps://cert.vde.com/en-us/advisories/vde-2020-053Third Party Advisory
info@cert.vde.comhttps://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Jun/0Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2020-053Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Third Party Advisory
Impacted products
Vendor Product Version
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es7510-xt -
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es8509-xt -
pepperl-fuchs es8510-xt_firmware *
pepperl-fuchs es8510-xt -
pepperl-fuchs es9528-xtv2_firmware *
pepperl-fuchs es9528-xtv2 -
pepperl-fuchs es7506_firmware *
pepperl-fuchs es7506 -
pepperl-fuchs es7510_firmware *
pepperl-fuchs es7510 -
pepperl-fuchs es7528_firmware *
pepperl-fuchs es7528 -
pepperl-fuchs es8508_firmware *
pepperl-fuchs es8508 -
pepperl-fuchs es8508f_firmware *
pepperl-fuchs es8508f -
pepperl-fuchs es8510_firmware *
pepperl-fuchs es8510 -
pepperl-fuchs es8510-xte_firmware *
pepperl-fuchs es8510-xte -
pepperl-fuchs es9528_firmware *
pepperl-fuchs es9528 -
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es9528-xt -
pepperl-fuchs icrl-m-8rj45\/4sfp-g-din_firmware *
pepperl-fuchs icrl-m-8rj45\/4sfp-g-din -
pepperl-fuchs icrl-m-16rj45\/4cp-g-din_firmware *
pepperl-fuchs icrl-m-16rj45\/4cp-g-din -
korenix jetnet_5428g-20sfp_firmware -
korenix jetnet_5428g-20sfp -
korenix jetnet_5810g_firmware -
korenix jetnet_5810g -
korenix jetnet_4706f_firmware -
korenix jetnet_4706f -
korenix jetnet_4706_firmware -
korenix jetnet_4706 -
korenix jetnet_4510_firmware -
korenix jetnet_4510 -
korenix jetnet_5010_firmware -
korenix jetnet_5010 -
korenix jetnet_5310_firmware -
korenix jetnet_5310 -
korenix jetnet_6095_firmware -
korenix jetnet_6095 -
pepperl-fuchs icrl-m-16rj45\/4cp-g-din_firmware -
pepperl-fuchs icrl-m-16rj45\/4cp-g-din -
pepperl-fuchs icrl-m-8rj45\/4sfp-g-din_firmware -
pepperl-fuchs icrl-m-8rj45\/4sfp-g-din -
korenix jetwave_2212x_firmware -
korenix jetwave_2212x -
korenix jetwave_2212s_firmware -
korenix jetwave_2212s -
korenix jetwave_2212g_firmware -
korenix jetwave_2212g -
korenix jetwave_2311_firmware -
korenix jetwave_2311 -
korenix jetwave_3220_firmware -
korenix jetwave_3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69279E51-1B3D-40F1-BC05-E7DE4FCF81D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7510-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FA814F-1C0E-4400-AA54-62520BD62F49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "235B73CF-E9EE-46BC-A89F-A27EC816420F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8509-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "663998ED-61CC-40CE-A580-4D40E28FA5DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE2FFF7-9BEC-4456-9659-F1BC3E72508C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF4AB5DA-CFEB-4F15-948D-1B5E08ADB370",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFE9808-FA4D-4D8D-836D-7896ABD4DB6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B6AD07-2B10-4B56-A08E-D9DBF98FF06E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7506_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BAB2AE4-E231-4485-89D3-4B153E7DFA60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7506:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA6817C-7F79-42D9-BD4A-87B9278EE005",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81A766-C11C-4F1F-8D6D-66DA1067D04A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AC80E6-5276-4209-8C11-889A88547934",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7528_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F78AC1-DD60-4035-A573-1FBC94BC2CFB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7528:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EF18AA-0305-48E6-BA3E-0921AAFAD21A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8508_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1070-A455-46A2-B677-1C55B78A872A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D1152B-2CC1-47CB-967C-450E54AA0AC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8508f_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "679D27C7-C1AD-4B5F-9EF6-8559EDC48190",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8508f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2AB75DB-57CA-49C5-86AB-75D766F23D24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44ECCFCA-EE3D-4E66-BFB9-D5DC2CBBCB69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C58A4C3-2DD2-4B24-8C16-806041276486",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4475C9-C8B6-4BE7-9DEC-4E3BD3616711",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510-xte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89EB4DB0-519A-47DD-B1A5-AD50071DD045",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B014C8-A75E-4A84-BB99-183CC44EB090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5942FAF3-99D9-421A-92E3-5CA16A5B3E5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF77744F-88F7-44E9-AA5C-7D0F0B664FAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F2C76E-3724-4626-B25E-EBCF5FE74C90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45\\/4sfp-g-din_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9738DF5-E6B5-4379-BDFC-48B0E904BBD8",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45\\/4sfp-g-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D839E1-3306-4211-A168-C5C2A8B5A40C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45\\/4cp-g-din_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC56E59-F6D6-477D-929F-CD38DA94C76B",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45\\/4cp-g-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "376BBE27-BC5B-4A8A-9DF6-C9982A797953",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_5428g-20sfp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "327FC8D6-E59D-4DC5-918B-0AEBB07B2075",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5428g-20sfp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A504D7-8B61-4D78-9D66-9687D6110F47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_5810g_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9A573B-3C73-4212-A562-C912EDF0C881",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5810g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6C2282-D4E5-40FC-9C1A-749C1B1C623A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_4706f_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D1F86D-261B-490C-A4A3-EAAA5DB2B8E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_4706f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "875F22D5-57B9-43EB-A92C-9FB0EA948164",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_4706_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF01FC6A-9196-4B41-ACB1-46FC2EAD9A92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_4706:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD089EE1-3D71-430C-9CA9-BE32470BEE27",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_4510_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AF6BE33-3CC3-4488-AF8E-6A5096F15C9D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_4510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C864A6A1-5E58-4EFE-85FC-DEDFBBC36473",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_5010_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F6BC0FF-63A0-4ADD-BD3A-F6DD1DB61356",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0896AC09-3022-4A14-93DB-D6BE6795C615",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_5310_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A42256-647A-4637-B05F-A9D70838A281",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BE9095-B0A6-4268-AC78-453C462FB80B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet_6095_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BDA9563-F33F-4CC8-96F8-4B9954738A05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_6095:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E6FE6C-873E-4C58-B590-3888BCE38F1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45\\/4cp-g-din_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DA324E0-360A-4763-BC42-EF0E1D67BBC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45\\/4cp-g-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "376BBE27-BC5B-4A8A-9DF6-C9982A797953",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45\\/4sfp-g-din_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC15A58-A2F9-4EF9-8397-BA3926845BAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45\\/4sfp-g-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D839E1-3306-4211-A168-C5C2A8B5A40C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212x_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70057501-308B-4D70-BD7E-C741AAAB0A82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DB499F-F9EB-457F-9FFA-AAB262C503B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B2ECE66-7592-4229-99DE-8FCF637D427E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22491473-357B-4E88-9006-6688DCA38D67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212g_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C212D51-777C-40FE-A4BD-9FA6E760799E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CF79B1-A8F9-4A3E-998A-8A7440659560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2311_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F195F448-A392-4DCA-8DC4-D1453873AB84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCA04DB-7738-4076-9D6B-22CE1C283806",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3220_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F178611-DA1B-4279-9E72-5959B83F3AFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B8C6FD-E29D-4207-9016-BD1ECCD81655",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Autorizaci\u00f3n Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, son propensos a m\u00faltiples inyecciones de comandos autenticados"
    }
  ],
  "id": "CVE-2020-12503",
  "lastModified": "2024-11-21T04:59:49.137",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-15T19:15:11.753",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-23 23:15
Modified
2025-03-17 19:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
References
cve@mitre.orghttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
korenix jetwave_2212g_firmware 1.3.t
korenix jetwave_2212g -
korenix jetwave_2212x_firmware 1.3.0
korenix jetwave_2212x -
korenix jetwave_2212s_firmware 1.3.0
korenix jetwave_2212s -
korenix jetwave_2211c_firmware *
korenix jetwave_2211c -
korenix jetwave_2411_firmware *
korenix jetwave_2411 -
korenix jetwave_2111_firmware *
korenix jetwave_2111 -
korenix jetwave_2411l_firmware *
korenix jetwave_2411l -
korenix jetwave_2111l_firmware *
korenix jetwave_2111l -
korenix jetwave_2414_firmware *
korenix jetwave_2414 -
korenix jetwave_2114_firmware *
korenix jetwave_2114 -
korenix jetwave_2424_firmware *
korenix jetwave_2414 -
korenix jetwave_2460_firmware *
korenix jetwave_2460 -
korenix jetwave_4221hp-e__firmware *
korenix jetwave_4221hp-e -
korenix jetwave_3220_v3__firmware *
korenix jetwave_3220_v3 -
korenix jetwave_3420_v3__firmware *
korenix jetwave_3420_v3 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75D969F-7446-4A9D-A1AC-435B26A1A466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CF79B1-A8F9-4A3E-998A-8A7440659560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF0A74A-7F26-4F01-83E9-02F49167919D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DB499F-F9EB-457F-9FFA-AAB262C503B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D43809D-7E10-4BF8-A2F6-C2CDAE7300AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22491473-357B-4E88-9006-6688DCA38D67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2211c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491724C-2AF4-4044-8ED7-7719FA27C7A7",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2211c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB47A49D-E233-4DC0-BBB6-16AA737B3897",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2411_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9241317A-63E6-490D-99DF-65AD99A9A0AD",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2411:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D421BE-1FFA-41C2-8A44-9EA6114F420F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2111_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFACC84-6465-4F7A-B9DC-977754365D46",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2111:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FDFF00-FF95-4B37-92AF-2468075C8434",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2411l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBF38C26-8E92-4BE0-BD18-95F87FBF501A",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2411l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4310805B-4D4E-4635-899B-796494B1309A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2111l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3502DF-35D5-46F5-AF62-D852815FF2FF",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2111l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E10C3AD-4A59-4EAF-B7E5-4A5F0DC96C30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2414_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B04DBC-6BB0-465D-A977-0D25F9421F76",
              "versionEndExcluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D6F8F8-4872-4AF4-966F-FC6EB0D98154",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2114_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31641276-2563-4D16-912D-0128BD0A9842",
              "versionEndExcluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2114:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCEDECC8-2A8E-4DEB-BAEC-F4B66CAFE672",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2424_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BB504F-E8F0-44B8-B458-B1E04F67D05E",
              "versionEndExcluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D6F8F8-4872-4AF4-966F-FC6EB0D98154",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2460_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E947CE3-FF1D-40C7-8A34-0020E2D3FA75",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2460:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8EAD94-829D-4BE6-B725-598CD0D803E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_4221hp-e__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B834DDE-9459-4053-87E5-63EF23B9139A",
              "versionEndIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_4221hp-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C8BF4A-24BE-495E-A065-82941602C703",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3220_v3__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD8890-959C-4FDA-934F-00750C93E653",
              "versionEndExcluding": "1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3220_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F983F121-0CCD-4D33-9A4C-70D6ED452546",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3420_v3__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3D6BCF-37F3-49C8-9E9E-CF3E914B3C23",
              "versionEndExcluding": "1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3420_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CFF07AD-FDC3-492A-BDF4-CE4C510AF664",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root."
    }
  ],
  "id": "CVE-2023-23295",
  "lastModified": "2025-03-17T19:15:18.787",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-23T23:15:10.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-02-06 21:15
Modified
2024-11-21 06:19
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
References
cve@mitre.orghttp://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttps://www.korenix.com/en/product/search.aspx?kw=JetWaveProduct, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.korenix.com/en/product/search.aspx?kw=JetWaveProduct, Vendor Advisory
Impacted products
Vendor Product Version
korenix jetwave_2212s_firmware *
korenix jetwave_2212s -
korenix jetwave_2212g_firmware *
korenix jetwave_2212g -
korenix jetwave_2311_firmware *
korenix jetwave_2311 -
korenix jetwave_3220_firmware *
korenix jetwave_3220 3
korenix jetwave_3420_firmware *
korenix jetwave_3420 3
korenix jetwave_2212x_firmware *
korenix jetwave_2212x -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6476B909-64EC-474E-B14C-C0B96B79D48A",
              "versionEndExcluding": "1.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22491473-357B-4E88-9006-6688DCA38D67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75752AC-0017-4D03-AD40-C9F0111A343A",
              "versionEndExcluding": "1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CF79B1-A8F9-4A3E-998A-8A7440659560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2311_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "876F3CB2-88AD-4DD5-9F63-48D2AF31E12C",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCA04DB-7738-4076-9D6B-22CE1C283806",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF98100-C46B-4F3A-BE1E-55DAB1833855",
              "versionEndExcluding": "1.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3220:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "05B58CEF-952D-42E1-BC24-2708EA61D8DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5443D47C-DB22-4182-B1F1-80DB5726DE9C",
              "versionEndExcluding": "1.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3420:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D703E252-53AA-4811-8677-1CB49EE7CDF2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA11DDA4-4506-4E79-AD06-82E730FFBA94",
              "versionEndExcluding": "1.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DB499F-F9EB-457F-9FFA-AAB262C503B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31."
    },
    {
      "lang": "es",
      "value": "Algunos dispositivos Korenix JetWave permiten a usuarios autenticados ejecutar c\u00f3digo arbitrario como root por medio del archivo /syscmd.asp. Esto afecta al 2212X versiones anteriores a 1.9.1, al 2212S versiones anteriores a 1.9.1, al 2212G versiones anteriores a 1.8, al 3220 V3 versiones anteriores a 1.5.1, al 3420 V3 versiones anteriores a 1.5.1 y al 2311 hasta el 31-01-2022"
    }
  ],
  "id": "CVE-2021-39280",
  "lastModified": "2024-11-21T06:19:06.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-06T21:15:07.837",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.korenix.com/en/product/search.aspx?kw=JetWave"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.korenix.com/en/product/search.aspx?kw=JetWave"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-15 19:15
Modified
2024-11-21 04:59
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
References
info@cert.vde.comhttp://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
info@cert.vde.comhttp://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
info@cert.vde.comhttp://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.htmlExploit, Third Party Advisory
info@cert.vde.comhttp://seclists.org/fulldisclosure/2021/Jun/0Mailing List, Third Party Advisory
info@cert.vde.comhttp://seclists.org/fulldisclosure/2022/Jun/3Exploit, Mailing List, Third Party Advisory
info@cert.vde.comhttps://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
info@cert.vde.comhttps://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Jun/0Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Jun/3Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Third Party Advisory
Impacted products
Vendor Product Version
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es7510-xt -
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es8509-xt -
pepperl-fuchs es8510-xt_firmware *
pepperl-fuchs es8510-xt -
pepperl-fuchs es9528-xtv2_firmware *
pepperl-fuchs es9528-xtv2 -
pepperl-fuchs es7506_firmware *
pepperl-fuchs es7506 -
pepperl-fuchs es7510_firmware *
pepperl-fuchs es7510 -
pepperl-fuchs es7528_firmware *
pepperl-fuchs es7528 -
pepperl-fuchs es8508_firmware *
pepperl-fuchs es8508 -
pepperl-fuchs es8508f_firmware *
pepperl-fuchs es8508f -
pepperl-fuchs es8510_firmware *
pepperl-fuchs es8510 -
pepperl-fuchs es8510-xte_firmware *
pepperl-fuchs es8510-xte -
pepperl-fuchs es9528_firmware *
pepperl-fuchs es9528 -
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es9528-xt -
korenix jetnet5428g-20sfp_firmware -
korenix jetnet_5428g-20sfp -
korenix jetnet5810g_firmware -
korenix jetnet_5810g -
korenix jetnet4510_firmware -
korenix jetnet_4510 -
korenix jetnet5010_firmware -
korenix jetnet_5010 -
korenix jetnet5310_firmware -
korenix jetnet_5310 -
korenix jetnet6095_firmware -
korenix jetnet_6095 -
korenix jetnet4706_firmware -
korenix jetnet_4706 -
korenix jetwave_3220_firmware -
korenix jetwave_3220 -
korenix jetwave_2311_firmware -
korenix jetwave_2311 -
korenix jetnet4706f_firmware -
korenix jetnet_4706f -
korenix jetwave_2212s_firmware -
korenix jetwave_2212s -
korenix jetwave_2212g_firmware -
korenix jetwave_2212g -
korenix jetwave_2212x_firmware -
korenix jetwave_2212x -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69279E51-1B3D-40F1-BC05-E7DE4FCF81D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7510-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FA814F-1C0E-4400-AA54-62520BD62F49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "235B73CF-E9EE-46BC-A89F-A27EC816420F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8509-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "663998ED-61CC-40CE-A580-4D40E28FA5DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE2FFF7-9BEC-4456-9659-F1BC3E72508C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF4AB5DA-CFEB-4F15-948D-1B5E08ADB370",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFE9808-FA4D-4D8D-836D-7896ABD4DB6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B6AD07-2B10-4B56-A08E-D9DBF98FF06E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7506_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BAB2AE4-E231-4485-89D3-4B153E7DFA60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7506:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA6817C-7F79-42D9-BD4A-87B9278EE005",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81A766-C11C-4F1F-8D6D-66DA1067D04A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AC80E6-5276-4209-8C11-889A88547934",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7528_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F78AC1-DD60-4035-A573-1FBC94BC2CFB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7528:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EF18AA-0305-48E6-BA3E-0921AAFAD21A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8508_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1070-A455-46A2-B677-1C55B78A872A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D1152B-2CC1-47CB-967C-450E54AA0AC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8508f_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "679D27C7-C1AD-4B5F-9EF6-8559EDC48190",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8508f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2AB75DB-57CA-49C5-86AB-75D766F23D24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44ECCFCA-EE3D-4E66-BFB9-D5DC2CBBCB69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C58A4C3-2DD2-4B24-8C16-806041276486",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4475C9-C8B6-4BE7-9DEC-4E3BD3616711",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510-xte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89EB4DB0-519A-47DD-B1A5-AD50071DD045",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B014C8-A75E-4A84-BB99-183CC44EB090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5942FAF3-99D9-421A-92E3-5CA16A5B3E5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF77744F-88F7-44E9-AA5C-7D0F0B664FAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F2C76E-3724-4626-B25E-EBCF5FE74C90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet5428g-20sfp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A39B7395-45AF-4EB3-985C-44CDADD11922",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5428g-20sfp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A504D7-8B61-4D78-9D66-9687D6110F47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet5810g_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D2B98A-96AF-41B0-9936-D6B4D5D6B3DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5810g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6C2282-D4E5-40FC-9C1A-749C1B1C623A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet4510_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA08A63-8E2D-4759-9650-BDFF7DDFAC15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_4510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C864A6A1-5E58-4EFE-85FC-DEDFBBC36473",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet5010_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64895AB7-F14C-4602-B75C-FCCAC959C257",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0896AC09-3022-4A14-93DB-D6BE6795C615",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet5310_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "269A98AD-D9FC-4EC3-93A4-F09BA545CEA7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_5310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BE9095-B0A6-4268-AC78-453C462FB80B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet6095_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "360E6861-48FD-49E2-BC65-C6D47E8B32D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_6095:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E6FE6C-873E-4C58-B590-3888BCE38F1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet4706_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98ED84C6-2C50-40AE-9A44-1EFD1BA4202C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_4706:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD089EE1-3D71-430C-9CA9-BE32470BEE27",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3220_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F178611-DA1B-4279-9E72-5959B83F3AFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B8C6FD-E29D-4207-9016-BD1ECCD81655",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2311_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F195F448-A392-4DCA-8DC4-D1453873AB84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCA04DB-7738-4076-9D6B-22CE1C283806",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetnet4706f_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83AE7FC-AB5A-4886-A834-8063320F3D3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetnet_4706f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "875F22D5-57B9-43EB-A92C-9FB0EA948164",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B2ECE66-7592-4229-99DE-8FCF637D427E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22491473-357B-4E88-9006-6688DCA38D67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212g_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C212D51-777C-40FE-A4BD-9FA6E760799E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CF79B1-A8F9-4A3E-998A-8A7440659560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212x_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70057501-308B-4D70-BD7E-C741AAAB0A82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DB499F-F9EB-457F-9FFA-AAB262C503B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Autorizaci\u00f3n Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones), utilizan cuentas no documentadas"
    }
  ],
  "id": "CVE-2020-12501",
  "lastModified": "2024-11-21T04:59:48.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-15T19:15:11.550",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-15 19:15
Modified
2024-11-21 04:59
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
References
info@cert.vde.comhttp://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
info@cert.vde.comhttp://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
info@cert.vde.comhttp://seclists.org/fulldisclosure/2021/Jun/0Exploit, Mailing List, Third Party Advisory
info@cert.vde.comhttps://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
info@cert.vde.comhttps://cert.vde.com/en-us/advisories/vde-2020-053Third Party Advisory
info@cert.vde.comhttps://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Jun/0Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2020-053Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es7510-xt -
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es8509-xt -
pepperl-fuchs es8510-xt_firmware *
pepperl-fuchs es8510-xt -
pepperl-fuchs es9528-xtv2_firmware *
pepperl-fuchs es9528-xtv2 -
pepperl-fuchs es7506_firmware *
pepperl-fuchs es7506 -
pepperl-fuchs es7510_firmware *
pepperl-fuchs es7510 -
pepperl-fuchs es7528_firmware *
pepperl-fuchs es7528 -
pepperl-fuchs es8508_firmware *
pepperl-fuchs es8508 -
pepperl-fuchs es8508f_firmware *
pepperl-fuchs es8508f -
pepperl-fuchs es8510_firmware *
pepperl-fuchs es8510 -
pepperl-fuchs es8510-xte_firmware *
pepperl-fuchs es8510-xte -
pepperl-fuchs es9528_firmware *
pepperl-fuchs es9528 -
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es9528-xt -
pepperl-fuchs icrl-m-8rj45\/4sfp-g-din_firmware *
pepperl-fuchs icrl-m-8rj45\/4sfp-g-din -
pepperl-fuchs icrl-m-16rj45\/4cp-g-din_firmware *
pepperl-fuchs icrl-m-16rj45\/4cp-g-din -
korenix jetwave_2212s_firmware 1.5
korenix jetwave_2212s -
korenix jetwave_2212g_firmware 1.4
korenix jetwave_2212g -
korenix jetwave_2311_firmware 1.2
korenix jetwave_2311 -
korenix jetwave_3220_firmware 1.2
korenix jetwave_3220 -
korenix jetwave_3420_firmware 1.1.3t
korenix jetwave_3420 -
korenix jetwave_2212x_firmware 1.5
korenix jetwave_2212x -
korenix jetwave_5428g-20sfp_firmware 1.0
korenix jetwave_5428g-20sfp -
korenix jetwave_5810g_firmware 1.1
korenix jetwave_5810g -
korenix jetwave_5310_firmware 1.5
korenix jetwave_5310 -
korenix jetwave_5010_firmware 3.1a
korenix jetwave_5010 -
korenix jetwave_4706f_firmware 2.3b
korenix jetwave_4706f -
korenix jetwave_4706_firmware 2.3b
korenix jetwave_4706 -
korenix jetwave_4510_firmware 3.0b
korenix jetwave_4510 -
westermo pmi-110-f2g_firmware 1.5
westermo pmi-110-f2g -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C347B5-2C72-4777-BDD5-4E638599C231",
              "versionEndExcluding": "2.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7510-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FA814F-1C0E-4400-AA54-62520BD62F49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "235B73CF-E9EE-46BC-A89F-A27EC816420F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8509-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "663998ED-61CC-40CE-A580-4D40E28FA5DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE2FFF7-9BEC-4456-9659-F1BC3E72508C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF4AB5DA-CFEB-4F15-948D-1B5E08ADB370",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFE9808-FA4D-4D8D-836D-7896ABD4DB6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B6AD07-2B10-4B56-A08E-D9DBF98FF06E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7506_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BAB2AE4-E231-4485-89D3-4B153E7DFA60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7506:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA6817C-7F79-42D9-BD4A-87B9278EE005",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81A766-C11C-4F1F-8D6D-66DA1067D04A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AC80E6-5276-4209-8C11-889A88547934",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es7528_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F78AC1-DD60-4035-A573-1FBC94BC2CFB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es7528:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EF18AA-0305-48E6-BA3E-0921AAFAD21A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8508_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1070-A455-46A2-B677-1C55B78A872A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D1152B-2CC1-47CB-967C-450E54AA0AC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8508f_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "679D27C7-C1AD-4B5F-9EF6-8559EDC48190",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8508f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2AB75DB-57CA-49C5-86AB-75D766F23D24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "601EA993-8A06-4259-8C55-0489D719FD5E",
              "versionEndExcluding": "3.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C58A4C3-2DD2-4B24-8C16-806041276486",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4475C9-C8B6-4BE7-9DEC-4E3BD3616711",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es8510-xte:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89EB4DB0-519A-47DD-B1A5-AD50071DD045",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B014C8-A75E-4A84-BB99-183CC44EB090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5942FAF3-99D9-421A-92E3-5CA16A5B3E5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF77744F-88F7-44E9-AA5C-7D0F0B664FAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:es9528-xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F2C76E-3724-4626-B25E-EBCF5FE74C90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45\\/4sfp-g-din_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B5520C5-3AA7-42CD-87E5-7B19DEF1D724",
              "versionEndIncluding": "1.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45\\/4sfp-g-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D839E1-3306-4211-A168-C5C2A8B5A40C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45\\/4cp-g-din_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB335DAA-18BB-4358-B9EF-3EC46214A292",
              "versionEndIncluding": "1.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45\\/4cp-g-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "376BBE27-BC5B-4A8A-9DF6-C9982A797953",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212s_firmware:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF0218B-0A71-42C6-8726-CDB57C1CEDB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22491473-357B-4E88-9006-6688DCA38D67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212g_firmware:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A0DC87-DDED-47F3-8A3A-A91A76ECBB59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CF79B1-A8F9-4A3E-998A-8A7440659560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2311_firmware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3482C24-5A52-44F6-B7DA-9DA13C739B5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2311:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCA04DB-7738-4076-9D6B-22CE1C283806",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3220_firmware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D071893-E557-4A31-A9E4-C4F809789CB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B8C6FD-E29D-4207-9016-BD1ECCD81655",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3420_firmware:1.1.3t:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F5C066-24F1-4430-8EB6-95F35ED7D322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2275A7D1-F49E-41D3-9A4D-879430381268",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212x_firmware:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C528D2E1-EA94-4AF3-ABE3-4B40A37A6307",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DB499F-F9EB-457F-9FFA-AAB262C503B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_5428g-20sfp_firmware:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB427B2-9B35-4078-B4CB-5B8064BC6C67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_5428g-20sfp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C67D76A0-55E8-4C44-8FC0-0AB52091A343",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_5810g_firmware:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C7BDFDF-FECB-4612-94C2-F48C82AFC8C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_5810g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A39635E7-1956-4803-B342-B3A6EE6E2884",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_5310_firmware:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE4C42E0-EB2C-472D-92B7-3F72CA2235CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_5310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "054216BA-485D-45B5-A609-59870A0A2546",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_5010_firmware:3.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0944EB4E-F713-4213-9464-A4DBF35C6DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D919CEF8-BD28-40D1-A8AC-A1FB60465536",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_4706f_firmware:2.3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F87AF5-348B-45EC-AF5E-472B2747C7A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_4706f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8658D2-A925-443A-90C2-3D58AE410319",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_4706_firmware:2.3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "907A32A1-4CD1-4CA7-A7A4-EF7F1A538EC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_4706:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E50564C-8E01-4541-96E7-6625DE302676",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_4510_firmware:3.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F2889-2FD6-41F1-BA6C-02059A08896C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_4510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "780A3F7D-41F6-4A79-8148-6469C5715AAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westermo:pmi-110-f2g_firmware:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE2DB41-97F0-442B-8B18-6F88ACA1BFBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westermo:pmi-110-f2g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0424E808-A1E7-4E44-9EE5-105DE18DF414",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Autorizaci\u00f3n Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, presentan un servicio TFTP activo"
    }
  ],
  "id": "CVE-2020-12504",
  "lastModified": "2024-11-21T04:59:49.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-15T19:15:11.993",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-912"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-23 23:15
Modified
2024-11-21 07:45
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
References
cve@mitre.orghttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
korenix jetwave_2212g_firmware 1.3.t
korenix jetwave_2212g -
korenix jetwave_2212x_firmware 1.3.0
korenix jetwave_2212x -
korenix jetwave_2212s_firmware 1.3.0
korenix jetwave_2212s -
korenix jetwave_2211c_firmware *
korenix jetwave_2211c -
korenix jetwave_2411_firmware *
korenix jetwave_2411 -
korenix jetwave_2111_firmware *
korenix jetwave_2111 -
korenix jetwave_2411l_firmware *
korenix jetwave_2411l -
korenix jetwave_2111l_firmware *
korenix jetwave_2111l -
korenix jetwave_2414_firmware *
korenix jetwave_2414 -
korenix jetwave_2114_firmware *
korenix jetwave_2114 -
korenix jetwave_2424_firmware *
korenix jetwave_2414 -
korenix jetwave_2460_firmware *
korenix jetwave_2460 -
korenix jetwave_4221hp-e__firmware *
korenix jetwave_4221hp-e -
korenix jetwave_3220_v3__firmware *
korenix jetwave_3220_v3 -
korenix jetwave_3420_v3__firmware *
korenix jetwave_3420_v3 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212g_firmware:1.3.t:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75D969F-7446-4A9D-A1AC-435B26A1A466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CF79B1-A8F9-4A3E-998A-8A7440659560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212x_firmware:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF0A74A-7F26-4F01-83E9-02F49167919D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1DB499F-F9EB-457F-9FFA-AAB262C503B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2212s_firmware:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D43809D-7E10-4BF8-A2F6-C2CDAE7300AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22491473-357B-4E88-9006-6688DCA38D67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2211c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E491724C-2AF4-4044-8ED7-7719FA27C7A7",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2211c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB47A49D-E233-4DC0-BBB6-16AA737B3897",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2411_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9241317A-63E6-490D-99DF-65AD99A9A0AD",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2411:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D421BE-1FFA-41C2-8A44-9EA6114F420F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2111_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFACC84-6465-4F7A-B9DC-977754365D46",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2111:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FDFF00-FF95-4B37-92AF-2468075C8434",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2411l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBF38C26-8E92-4BE0-BD18-95F87FBF501A",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2411l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4310805B-4D4E-4635-899B-796494B1309A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2111l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3502DF-35D5-46F5-AF62-D852815FF2FF",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2111l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E10C3AD-4A59-4EAF-B7E5-4A5F0DC96C30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2414_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B04DBC-6BB0-465D-A977-0D25F9421F76",
              "versionEndExcluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D6F8F8-4872-4AF4-966F-FC6EB0D98154",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2114_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31641276-2563-4D16-912D-0128BD0A9842",
              "versionEndExcluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2114:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCEDECC8-2A8E-4DEB-BAEC-F4B66CAFE672",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2424_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BB504F-E8F0-44B8-B458-B1E04F67D05E",
              "versionEndExcluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2414:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D6F8F8-4872-4AF4-966F-FC6EB0D98154",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_2460_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E947CE3-FF1D-40C7-8A34-0020E2D3FA75",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_2460:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8EAD94-829D-4BE6-B725-598CD0D803E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_4221hp-e__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B834DDE-9459-4053-87E5-63EF23B9139A",
              "versionEndIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_4221hp-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C8BF4A-24BE-495E-A065-82941602C703",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3220_v3__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD8890-959C-4FDA-934F-00750C93E653",
              "versionEndExcluding": "1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3220_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F983F121-0CCD-4D33-9A4C-70D6ED452546",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:korenix:jetwave_3420_v3__firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3D6BCF-37F3-49C8-9E9E-CF3E914B3C23",
              "versionEndExcluding": "1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:korenix:jetwave_3420_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CFF07AD-FDC3-492A-BDF4-CE4C510AF664",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root."
    }
  ],
  "id": "CVE-2023-23294",
  "lastModified": "2024-11-21T07:45:56.430",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-23T23:15:10.847",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}