An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
References
Link | Resource |
---|---|
https://jvn.jp/en/vu/JVNVU92152057/ | Third Party Advisory |
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched | Exploit Third Party Advisory |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01 | Third Party Advisory US Government Resource |
https://www.fxc.jp/news/20231206 | Release Notes Vendor Advisory |
Configurations
History
11 Jun 2024, 01:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/vu/JVNVU92152057/ - Third Party Advisory | |
References | () https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched - Exploit, Third Party Advisory | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01 - Third Party Advisory, US Government Resource |
22 Dec 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Dec 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fxc ae1021pe
Fxc ae1021 Firmware Fxc Fxc ae1021pe Firmware Fxc ae1021 |
|
References | () https://jvn.jp/en/vu/JVNVU92152057/ - Patch, Third Party Advisory | |
References | () https://www.fxc.jp/news/20231206 - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-78 | |
CPE | cpe:2.3:o:fxc:ae1021_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fxc:ae1021:-:*:*:*:*:*:*:* cpe:2.3:o:fxc:ae1021pe_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fxc:ae1021pe:-:*:*:*:*:*:*:* |
06 Dec 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-06 07:15
Updated : 2024-06-11 01:16
NVD link : CVE-2023-49897
Mitre link : CVE-2023-49897
CVE.ORG link : CVE-2023-49897
JSON object : View
Products Affected
fxc
- ae1021pe
- ae1021_firmware
- ae1021
- ae1021pe_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')