CVE-2017-14021

Published: Nov 1, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.

Affected (9)

Products: Korenix: Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g 2g 2fx Firmware, Jetnet5628g Firmware, Jetnet5628g R Firmware, Jetnet5728g 24p Firmware, Jetnet5828g Firmware, Jetnet6710g Firmware, Jetnet6710g Hvdc Firmware

Korenix

9 products

Jetnet5018g Firmware

Jetnet5310g Firmware

Jetnet5428g 2g 2fx Firmware

Jetnet5628g Firmware

Jetnet5628g R Firmware

Jetnet5728g 24p Firmware

Jetnet5828g Firmware

Jetnet6710g Firmware

Jetnet6710g Hvdc Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5018g Firmware	Version 1.4

Running on/with	Platform Versions
Korenix Jetnet 5018g	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5310g Firmware	Version 1.4a

Running on/with	Platform Versions
Korenix Jetnet 5310g	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5428g 2g 2fx Firmware	Version 1.4

Running on/with	Platform Versions
Korenix Jetnet 5428g 2g 2fx	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5628g Firmware	Version 1.4

Running on/with	Platform Versions
Korenix Jetnet 5628g	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5628g R Firmware	Version 1.4

Running on/with	Platform Versions
Korenix Jetnet 5628g R	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5728g 24p Firmware	Version 1.4

Running on/with	Platform Versions
Korenix Jetnet 5728g 24p	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5828g Firmware	Version 1.1d

Running on/with	Platform Versions
Korenix Jetnet 5828g	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet6710g Firmware	Version 1.1

Running on/with	Platform Versions
Korenix Jetnet 6710g	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet6710g Hvdc Firmware	Version 11e

Running on/with	Platform Versions
Korenix Jetnet 6710g Hvdc	All versions

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://www.securityfocus.com/bid/101598

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/101598

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.