Overview
- Description
- An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Known exploits
Data from CISA
- Vulnerability name
- FXC AE1021, AE1021PE OS Command Injection Vulnerability
- Exploit added on
- Dec 21, 2023
- Exploit action due
- Jan 11, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:ae1021_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F8B5B94-BFD2-4037-B8E2-DCD4F843AD55",
"versionEndExcluding": "2.0.10"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:ae1021:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "03B391D9-2AF4-4889-BFA3-52C11B4390C5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:ae1021pe_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A110A774-F48F-4F4F-8EE0-FD17F94B8AB6",
"versionEndExcluding": "2.0.10"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:ae1021pe:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BB758E1E-0CF5-4CA6-9A08-2B33BF296D67"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]