← back
CVE-2023-5347

Unauthenticated Firmware Upgrade

CVSS 9.8 CRITICALEPSS 1.3%CWE-327CWE-347
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Korenix · JetNet Series
public PoCs found1
cve_referencepacketstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.htmlhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/http://seclists.org/fulldisclosure/2024/Jan/11https://www.beijerelectronics.com/en/support/Help___online?docId=69947