← Voltar para CVEs
CVE-2023-5376
HIGH8.6
Descricao
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
Detalhes CVE
Pontuacao CVSS v3.18.6
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/9/2024
Ultima modificacao10/8/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
korenix:jetnet_4508korenix:jetnet_4508-wkorenix:jetnet_4508-w_firmwarekorenix:jetnet_4508_firmwarekorenix:jetnet_4508f-mkorenix:jetnet_4508f-m_firmwarekorenix:jetnet_4508f-mwkorenix:jetnet_4508f-mw_firmwarekorenix:jetnet_4508f-skorenix:jetnet_4508f-s_firmwarekorenix:jetnet_4508f-swkorenix:jetnet_4508f-sw_firmwarekorenix:jetnet_4508i-wkorenix:jetnet_4508i-w_firmwarekorenix:jetnet_4508if-mkorenix:jetnet_4508if-m_firmwarekorenix:jetnet_4508if-mwkorenix:jetnet_4508if-mw_firmwarekorenix:jetnet_4508if-skorenix:jetnet_4508if-s_firmwarekorenix:jetnet_4508if-swkorenix:jetnet_4508if-sw_firmwarekorenix:jetnet_5310gkorenix:jetnet_5310g_firmwarekorenix:jetnet_5612g-4fkorenix:jetnet_5612g-4f_firmwarekorenix:jetnet_5612gp-4fkorenix:jetnet_5612gp-4f_firmwarekorenix:jetnet_5620g-4ckorenix:jetnet_5620g-4c_firmwarekorenix:jetnet_5728g-24p-ac-2dc-eukorenix:jetnet_5728g-24p-ac-2dc-eu_firmwarekorenix:jetnet_5728g-24p-ac-2dc-uskorenix:jetnet_5728g-24p-ac-2dc-us_firmwarekorenix:jetnet_6528gf-2ac-eukorenix:jetnet_6528gf-2ac-eu_firmwarekorenix:jetnet_6528gf-2ac-uskorenix:jetnet_6528gf-2ac-us_firmwarekorenix:jetnet_6528gf-2dc24korenix:jetnet_6528gf-2dc24_firmwarekorenix:jetnet_6528gf-2dc48korenix:jetnet_6528gf-2dc48_firmwarekorenix:jetnet_6528gf-ac-eukorenix:jetnet_6528gf-ac-eu_firmwarekorenix:jetnet_6528gf-ac-uskorenix:jetnet_6528gf-ac-us_firmwarekorenix:jetnet_6628x-4f-eukorenix:jetnet_6628x-4f-eu_firmwarekorenix:jetnet_6628xp-4f-uskorenix:jetnet_6628xp-4f-us_firmwarekorenix:jetnet_6728g-24p-ac-2dc-eukorenix:jetnet_6728g-24p-ac-2dc-eu_firmwarekorenix:jetnet_6728g-24p-ac-2dc-uskorenix:jetnet_6728g-24p-ac-2dc-us_firmwarekorenix:jetnet_6828gf-2ac-aukorenix:jetnet_6828gf-2ac-au_firmwarekorenix:jetnet_6828gf-2ac-eukorenix:jetnet_6828gf-2ac-eu_firmwarekorenix:jetnet_6828gf-2ac-uskorenix:jetnet_6828gf-2ac-us_firmwarekorenix:jetnet_6828gf-2dc24korenix:jetnet_6828gf-2dc24_firmwarekorenix:jetnet_6828gf-2dc48korenix:jetnet_6828gf-2dc48_firmwarekorenix:jetnet_6828gf-ac-dc24-eukorenix:jetnet_6828gf-ac-dc24-eu_firmwarekorenix:jetnet_6828gf-ac-dc24-uskorenix:jetnet_6828gf-ac-dc24-us_firmwarekorenix:jetnet_6828gf-ac-uskorenix:jetnet_6828gf-ac-us_firmwarekorenix:jetnet_6910g-m12_hvdckorenix:jetnet_6910g-m12_hvdc_firmwarekorenix:jetnet_7310g-v2korenix:jetnet_7310g-v2_firmwarekorenix:jetnet_7628x-4f-eukorenix:jetnet_7628x-4f-eu_firmwarekorenix:jetnet_7628x-4f-uskorenix:jetnet_7628x-4f-us_firmwarekorenix:jetnet_7628xp-4f-eukorenix:jetnet_7628xp-4f-eu_firmwarekorenix:jetnet_7628xp-4f-uskorenix:jetnet_7628xp-4f-us_firmwarekorenix:jetnet_7714g-m12_hvdckorenix:jetnet_7714g-m12_hvdc_firmware
Fraquezas (CWE)
CWE-306CWE-287
Referencias
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html(office@cyberdanube.com)
http://seclists.org/fulldisclosure/2024/Jan/11(office@cyberdanube.com)
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/(office@cyberdanube.com)
https://www.beijerelectronics.com/en/support/Help___online?docId=69947(office@cyberdanube.com)
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jan/11(af854a3a-2127-422b-91ae-364da2661108)
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/(af854a3a-2127-422b-91ae-364da2661108)
https://www.beijerelectronics.com/en/support/Help___online?docId=69947(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.