CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 1CVE-2023-23295
https://notcve.org/view.php?id=CVE-2023-23295
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 1CVE-2023-23296
https://notcve.org/view.php?id=CVE-2023-23296
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 1CVE-2023-23294
https://notcve.org/view.php?id=CVE-2023-23294
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •