Korenix

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-5376 1Korenix 42Jetnet 4508 W Firmware Jetnet 4508 FirmwareJetnet 4508f M Firmware+39 more Oct 8, 2025 Jan 9, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
CVE-2023-5347 1Korenix 42Jetnet 4508 W Firmware Jetnet 4508 FirmwareJetnet 4508f M Firmware+39 more Oct 8, 2025 Jan 9, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet device...Show more An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.Show less
CVE-2023-23296 1Korenix 15Jetwave 2111 Firmware Jetwave 2111l FirmwareJetwave 2114 Firmware+12 more Mar 17, 2025 Feb 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
CVE-2023-23295 1Korenix 15Jetwave 2111 Firmware Jetwave 2111l FirmwareJetwave 2114 Firmware+12 more Mar 17, 2025 Feb 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
CVE-2023-23294 1Korenix 15Jetwave 2111 Firmware Jetwave 2111l FirmwareJetwave 2114 Firmware+12 more Nov 21, 2024 Feb 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
CVE-2021-39280 1Korenix 6Jetwave 2212g Firmware Jetwave 2212s FirmwareJetwave 2212x Firmware+3 more Nov 21, 2024 Feb 6, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5...Show more Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.Show less
CVE-2020-12504 3Korenix Pepperl FuchsWestermo 29Es7506 Firmware Es7510 Xt FirmwareEs7510 Firmware+26 more Nov 21, 2024 Oct 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and...Show more Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.Show less
CVE-2020-12503 2Korenix Pepperl Fuchs 28Es7506 Firmware Es7510 Xt FirmwareEs7510 Firmware+25 more Nov 21, 2024 Oct 15, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and...Show more Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.Show less
CVE-2020-12502 2Korenix Pepperl Fuchs 23Es7506 Firmware Es7510 Xt FirmwareEs7510 Firmware+20 more Nov 21, 2024 Oct 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and...Show more Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.Show less
CVE-2020-12501 2Korenix Pepperl Fuchs 26Es7506 Firmware Es7510 Xt FirmwareEs7510 Firmware+23 more Nov 21, 2024 Oct 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use...Show more Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.Show less
CVE-2019-9725 1Korenix 3Jetport 5601 Firmware Jetport 5601f FirmwareJetport Web Manager Nov 21, 2024 Mar 12, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.
CVE-2017-14027 1Korenix 9Jetnet5018g Firmware Jetnet5310g FirmwareJetnet5428g 2g 2fx Firmware+6 more May 13, 2026 Nov 1, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24...Show more A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.Show less
CVE-2017-14021 1Korenix 9Jetnet5018g Firmware Jetnet5310g FirmwareJetnet5428g 2g 2fx Firmware+6 more May 13, 2026 Nov 1, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet57...Show more A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.Show less
CVE-2012-4577 1Korenix 1Jetport Apr 29, 2026 Aug 21, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote a...Show more The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.Show less