← Zuruck zu CVEs
CVE-2023-49897
HIGHCISA KEV8.8
Beschreibung
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
CVE Details
CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht12/6/2023
Zuletzt geandert10/24/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerFXC
ProduktAE1021, AE1021PE
SchwachstellennameFXC AE1021, AE1021PE OS Command Injection Vulnerability
KEV Aufnahmedatum2023-12-21
Behebungsfrist2024-01-11
Ransomware-NutzungUnknown
Betroffene Produkte
fxc:ae1021fxc:ae1021_firmwarefxc:ae1021pefxc:ae1021pe_firmware
Schwachen (CWE)
CWE-78CWE-78
Referenzen
https://jvn.jp/en/vu/JVNVU92152057/(vultures@jpcert.or.jp)
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched(vultures@jpcert.or.jp)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01(vultures@jpcert.or.jp)
https://www.fxc.jp/news/20231206(vultures@jpcert.or.jp)
https://jvn.jp/en/vu/JVNVU92152057/(af854a3a-2127-422b-91ae-364da2661108)
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.fxc.jp/news/20231206(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-49897(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.