Vulnerability Details : CVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
Vulnerability category: Execute code
Products affected by CVE-2021-39280
- cpe:2.3:o:korenix:jetwave_2212s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:korenix:jetwave_2212g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:korenix:jetwave_2311_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:korenix:jetwave_3220_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:korenix:jetwave_3420_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:korenix:jetwave_2212x_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-39280
- 0.13%: Probability of exploitation activity in the next 30 days
- ~ 47 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-39280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2021-39280
- https://www.korenix.com/en/product/search.aspx?kw=JetWave
  Korenix Technology (Beijer Group) - Industrial networking solution provider (Product; Vendor Advisory)
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
  Korenix Technology JetWave CSRF / Command Injection / Missing Authentication ≈ Packet Storm (Third Party Advisory; VDB Entry)