CVE-2023-49897

2023-12-0607:15:41

CWE-78

[email protected]

web.nvd.nist.gov

124

In Wild

cve-2023-49897

os command injection

ae1021pe

ae1021

firmware

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

Affected configurations

Vulners

NVD

Node

fxc_inc.ae1021peMatch2.0.9

fxc_inc.ae1021Match2.0.9

CPENameOperatorVersion
fxc:ae1021_firmwarefxc ae1021 firmwarelt2.0.10

CPE	Name	Operator	Version
fxc:ae1021_firmware	fxc ae1021 firmware	lt	2.0.10

CNA Affected

[
  {
    "vendor": "FXC Inc.",
    "product": "AE1021PE",
    "versions": [
      {
        "version": "2.0.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FXC Inc.",
    "product": "AE1021",
    "versions": [
      {
        "version": "2.0.9 and earlier",
        "status": "affected"
      }
    ]
  }
]