CVE-2023-49897

CVSS 8.8 HIGH | EPSS 50.7% | KEV | CWE-78
In short

A flaw in AE1021PE and AE1021 device firmware allows someone with login access to run unauthorized system commands on the device. This could let them take complete control of the device and access sensitive data.

Technical detail

OS command injection vulnerability in AE1021PE and AE1021 firmware ≤2.0.9 allows authenticated attackers to execute arbitrary OS commands through unsanitized input. Attack requires valid credentials and affects system integrity and confidentiality.

Summary generated and translated by AI from the official description.
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
