CVE-2023-23295
https://notcve.org/view.php?id=CVE-2023-23295
23 Feb 2023 — Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker can modify the sysCmd parameter in order to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-23294
https://notcve.org/view.php?id=CVE-2023-23294
23 Feb 2023 — Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-23296
https://notcve.org/view.php?id=CVE-2023-23296
23 Feb 2023 — Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-39280 – Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
https://notcve.org/view.php?id=CVE-2021-39280
04 Feb 2022 — Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. • https://packetstorm.news/files/id/165875 •
CVE-2020-12501 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12501
05 Oct 2020 — Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. Multiple ... • https://packetstorm.news/files/id/162903 • CWE-798: Use of Hard-coded Credentials •
CVE-2020-12503 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12503
05 Oct 2020 — Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. • https://packetstorm.news/files/id/162903 • CWE-863: Incorrect Authorization •
CVE-2020-12504 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12504
05 Oct 2020 — Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. • https://packetstorm.news/files/id/162903 • CWE-912: Hidden Functionality •