CVE-2023-49897

Name of the Vulnerable Software and Affected Versions FXC AE1021 firmware version 2.0.9 and earlier FXC AE1021PE firmware version 2.0.9 and earlier

Description An OS command injection vulnerability exists, allowing an attacker who can log in to the product to execute arbitrary OS commands. The vulnerability is related to the lack of measures to neutralize special elements used in the OS command. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands. New botnet malware has been found to exploit this flaw in routers.

Recommendations For FXC AE1021 firmware version 2.0.9 and earlier, update to a version later than 2.0.9 to resolve the issue. For FXC AE1021PE firmware version 2.0.9 and earlier, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the product to minimize the risk of exploitation.