KEVIntel
Back to KEVs
8.8
CVSS
High

CVE-2023-49897

PUBLISHED

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this...

Exploited in the wild Remote Low complexity No user interaction
Vendor
FXC Inc.
Product
AE1021PE, AE1021
Published
Dec 06, 2023
EPSS

Description

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

cisa

CVSS scores

CVSS v3.1 8.8 High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-12-21 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Dec 21, 2023

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel