CVE-2023-49897

HIGH KEV

FXC Ae1021 Firmware < 2.0.10 - OS Command Injection

Title source: rule

Description

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

References (5)

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU92152057/

[Exploit, Third Party Advisory] https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01

[Release Notes, Vendor Advisory] https://www.fxc.jp/news/20231206

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-49897

Scores

CVSS v3 8.8

EPSS 0.2405

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-12-21

VulnCheck KEV 2023-12-06

InTheWild.io 2023-12-16

ENISA EUVD EUVD-2023-53797

CWE

CWE-78

Status published

Products (2)

fxc/ae1021_firmware < 2.0.10

fxc/ae1021pe_firmware < 2.0.10

Published Dec 06, 2023

KEV Added Dec 21, 2023

Tracked Since Feb 18, 2026