PT-2022-10891 · Korenix · Korenix Jetwave 2212G+3

Published: 2022-02-06 · Updated: 2022-02-11 · CVE-2021-39280

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Korenix JetWave 2212X versions 1.9.0 and earlier
Korenix JetWave 2212S versions 1.9.0 and earlier
Korenix JetWave 2212G versions 1.7 and earlier
Korenix JetWave 3220 V3 versions 1.5.0 and earlier
Korenix JetWave 3420 V3 versions 1.5.0 and earlier
Korenix JetWave 2311 versions prior to 2022-01-31

Description

Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via the "/syscmd.asp" API endpoint. Exploitation requires an authenticated session.

Recommendations

For Korenix JetWave 2212X versions 1.9.0 and earlier, update to version 1.9.1 or later.
For Korenix JetWave 2212S versions 1.9.0 and earlier, update to version 1.9.1 or later.
For Korenix JetWave 2212G versions 1.7 and earlier, update to version 1.8 or later.
For Korenix JetWave 3220 V3 versions 1.5.0 and earlier, update to version 1.5.1 or later.
For Korenix JetWave 3420 V3 versions 1.5.0 and earlier, update to version 1.5.1 or later.
For Korenix JetWave 2311 versions prior to 2022-01-31, ensure that the device is updated to a version released after 2022-01-31.

Fix


Related Identifiers

CVE-2021-39280

Affected Products

Korenix Jetwave 2212G
Korenix Jetwave 2311
Korenix Jetwave 3220 V3
Korenix Jetwave 3420 V3