CVE-2023-49897
HIGH KEV
fxc AE1021 and AE1021PE Firmware < 2.0.10 - Authenticated OS Command Injection
Title source: llm
Exploitation Summary
CVE-2023-49897 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 21, 2023.
Description
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
References (5)
Core References
Third Party Advisory
https://jvn.jp/en/vu/JVNVU92152057/
Exploit, Third Party Advisory
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01
Release Notes, Vendor Advisory
https://www.fxc.jp/news/20231206
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-49897
Scores
CVSS v3
8.8
EPSS
0.2441
EPSS Percentile
96.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-12-21
VulnCheck KEV
2023-12-06
InTheWild.io
2023-12-16
ENISA EUVD
EUVD-2023-53797
CWE
CWE-78
Status
published
Products (2)
fxc/ae1021_firmware
< 2.0.10
fxc/ae1021pe_firmware
< 2.0.10
Published
Dec 06, 2023
KEV Added
Dec 21, 2023
Tracked Since
Feb 18, 2026