CVE-2023-5376
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD
Description
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
Affected (44)
Products: Korenix: Jetnet 5310g Firmware, Jetnet 4508 Firmware, Jetnet 4508i W Firmware, Jetnet 4508 W Firmware, Jetnet 4508if S Firmware, Jetnet 4508if M Firmware, Jetnet 4508if Sw Firmware, Jetnet 4508if Mw Firmware, Jetnet 4508f M Firmware, Jetnet 4508f S Firmware, Jetnet 4508f Mw Firmware, Jetnet 4508f Sw Firmware, Jetnet 5620g 4c Firmware, Jetnet 5612gp 4f Firmware, Jetnet 5612g 4f Firmware, Jetnet 5728g 24p Ac 2dc Us Firmware, Jetnet 5728g 24p Ac 2dc Eu Firmware, Jetnet 6528gf 2ac Eu Firmware, Jetnet 6528gf 2ac Us Firmware, Jetnet 6528gf 2dc24 Firmware, Jetnet 6528gf 2dc48 Firmware, Jetnet 6528gf Ac Eu Firmware, Jetnet 6528gf Ac Us Firmware, Jetnet 6628xp 4f Us Firmware, Jetnet 6628x 4f Eu Firmware, Jetnet 6728g 24p Ac 2dc Us Firmware, Jetnet 6728g 24p Ac 2dc Eu Firmware, Jetnet 6828gf 2dc48 Firmware, Jetnet 6828gf 2dc24 Firmware, Jetnet 6828gf Ac Dc24 Us Firmware, Jetnet 6828gf 2ac Us Firmware, Jetnet 6828gf Ac Us Firmware, Jetnet 6828gf 2ac Au Firmware, Jetnet 6828gf Ac Dc24 Eu Firmware, Jetnet 6828gf 2ac Eu Firmware, Jetnet 6910g M12 Hvdc Firmware, Jetnet 7310g V2 Firmware, Jetnet 7628xp 4f Us Firmware, Jetnet 7628xp 4f Eu Firmware, Jetnet 7628x 4f Us Firmware, Jetnet 7628x 4f Eu Firmware, Jetnet 7714g M12 Hvdc Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.6 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 5310g | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508i W | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508 W | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508if S | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508if M | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508if Sw | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508if Mw | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508f M | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508f S | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508f Mw | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.3 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 4508f Sw | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 5620g 4c | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 5612gp 4f | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 5612g 4f | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 5728g 24p Ac 2dc Us | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 5728g 24p Ac 2dc Eu | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6528gf 2ac Eu | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6528gf 2ac Us | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6528gf 2dc24 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6528gf 2dc48 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6528gf Ac Eu | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6528gf Ac Us | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6628xp 4f Us | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6628x 4f Eu | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6728g 24p Ac 2dc Us | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6728g 24p Ac 2dc Eu | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf 2dc48 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf 2dc24 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf Ac Dc24 Us | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf 2ac Us | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf Ac Us | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf 2ac Au | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf Ac Dc24 Eu | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6828gf 2ac Eu | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 6910g M12 Hvdc | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 7310g V2 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 7628xp 4f Us | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 7628xp 4f Eu | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 7628x 4f Us | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 7628x 4f Eu | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.0 |
| Running on/with | Platform Versions |
|---|---|
Korenix Jetnet 7714g M12 Hvdc | All versions |
Related CWEs
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References (8)
Source: office@cyberdanube.com
ExploitThird Party AdvisoryVDB Entry
Source: office@cyberdanube.com
ExploitMailing ListThird Party Advisory
Source: office@cyberdanube.com
ExploitThird Party Advisory
Source: office@cyberdanube.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.