1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. FXC AE1021, AE1021PE OS Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2023-49897 Mappings

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-49897 FXC AE1021, AE1021PE OS Command Injection Vulnerability secondary_impact T1498 Network Denial of Service
Comments
CVE-2023-49897 is an OS command injection vulnerability affecting AE1021PE firmware. This vulnerability has been publicly reported to be leveraged during the InfectedSlurs campaign to install a Mirai malware variant with the intention of creating a distributed denial-of-service (DDoS) botnet with these infected devices.
References
  1. https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched
  2. https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html
  3. https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
CVE-2023-49897 FXC AE1021, AE1021PE OS Command Injection Vulnerability primary_impact T1496 Resource Hijacking
Comments
CVE-2023-49897 is an OS command injection vulnerability affecting AE1021PE firmware. This vulnerability has been publicly reported to be leveraged during the InfectedSlurs campaign to install a Mirai malware variant with the intention of creating a distributed denial-of-service (DDoS) botnet with these infected devices.
References
  1. https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched
  2. https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html
  3. https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
CVE-2023-49897 FXC AE1021, AE1021PE OS Command Injection Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
CVE-2023-49897 is an OS command injection vulnerability affecting AE1021PE firmware. This vulnerability has been publicly reported to be leveraged during the InfectedSlurs campaign to install a Mirai malware variant with the intention of creating a distributed denial-of-service (DDoS) botnet with these infected devices.
References
  1. https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched
  2. https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html
  3. https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days