{"vulnerability": "CVE-2023-2329", "sightings": [{"uuid": "3c8a646f-7d29-46ab-aa47-d70e1e3463e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23294", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7302", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23294\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.\n\ud83d\udccf Published: 2023-02-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T14:29:59.305Z\n\ud83d\udd17 References:\n1. https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/", "creation_timestamp": "2025-03-12T14:40:36.000000Z"}, {"uuid": "066ce7ba-9afb-4d88-9571-2e2377323f8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23298", "type": "seen", "source": "https://t.me/cibsecurity/64649", "content": "\u203c CVE-2023-23298 \u203c\n\nThe `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. 
A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-24T00:37:22.000000Z"}, {"uuid": "12619ce0-c670-46b8-a635-15102a6a2354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23294", "type": "seen", "source": "https://t.me/cibsecurity/58841", "content": "\u203c CVE-2023-23294 \u203c\n\nKorenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T05:46:11.000000Z"}, {"uuid": "38177700-ec60-4388-afb7-7c156a5b578d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23296", "type": "seen", "source": "https://t.me/cibsecurity/58839", "content": "\u203c CVE-2023-23296 \u203c\n\nKorenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T03:18:38.000000Z"}, {"uuid": "3e6da1cb-a94c-470b-a168-de32c5059c78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23295", "type": "seen", "source": "https://t.me/cibsecurity/58838", "content": "\u203c CVE-2023-23295 \u203c\n\nKorenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. 
An attacker can modify the sysCmd parameter in order to execute commands as root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T03:18:37.000000Z"}, {"uuid": "8732b42b-c61e-467c-b091-c4f6f6547a53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23299", "type": "seen", "source": "https://t.me/cibsecurity/64658", "content": "\u203c CVE-2023-23299 \u203c\n\nThe permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-24T00:40:33.000000Z"}]}