Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for jetnet_5310g_firmware by korenix

    CVE-2023-5376 (GCVE-0-2023-5376)

    Vulnerability from nvd – Published: 2024-01-09 09:44 – Updated: 2025-10-08 09:12
    VLAI
    Title
    TFTP Without Authentication
    Summary
    An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Korenix JetNet Series Affected: firmware older than 2024/01
    Create a notification for this product.
    Credits
    S. Dietz (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-14T15:27:48.719387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T15:28:15.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "JetNet Series",
              "vendor": "Korenix",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware older than 2024/01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "S. Dietz (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects JetNet devices older than firmware version 2024/01.\u003c/span\u003e"
                }
              ],
              "value": "An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:12:42.388Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            },
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "TFTP Without Authentication",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "See:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.beijerelectronics.com/en/support/Help___online?docId=69947\"\u003ehttps://www.beijerelectronics.com/en/support/Help___online?docId=69947\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "See:\u00a0 https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2023-5376",
        "datePublished": "2024-01-09T09:44:18.108Z",
        "dateReserved": "2023-10-04T09:30:19.108Z",
        "dateUpdated": "2025-10-08T09:12:42.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5347 (GCVE-0-2023-5347)

    Vulnerability from nvd – Published: 2024-01-09 09:54 – Updated: 2025-10-08 09:10
    VLAI
    Title
    Unauthenticated Firmware Upgrade
    Summary
    An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Korenix JetNet Series Affected: firmware older than 2024/01
    Create a notification for this product.
    Credits
    S. Dietz (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5347",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:33:17.516940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:33:02.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "JetNet Series",
              "vendor": "Korenix",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware older than 2024/01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "S. Dietz (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects JetNet devices older than firmware version 2024/01.\u003c/span\u003e"
                }
              ],
              "value": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-558",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-558 Replace Trusted Executable"
                }
              ]
            },
            {
              "capecId": "CAPEC-552",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-552 Install Rootkit"
                }
              ]
            },
            {
              "capecId": "CAPEC-642",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-642 Replace Binaries"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:10:00.840Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            },
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unauthenticated Firmware Upgrade",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "See:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.beijerelectronics.com/en/support/Help___online?docId=69947\"\u003ehttps://www.beijerelectronics.com/en/support/Help___online?docId=69947\u003c/a\u003e"
                }
              ],
              "value": "See:\u00a0 https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2023-5347",
        "datePublished": "2024-01-09T09:54:59.664Z",
        "dateReserved": "2023-10-03T08:11:00.343Z",
        "dateUpdated": "2025-10-08T09:10:00.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5347 (GCVE-0-2023-5347)

    Vulnerability from cvelistv5 – Published: 2024-01-09 09:54 – Updated: 2025-10-08 09:10
    VLAI
    Title
    Unauthenticated Firmware Upgrade
    Summary
    An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Korenix JetNet Series Affected: firmware older than 2024/01
    Create a notification for this product.
    Credits
    S. Dietz (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5347",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:33:17.516940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:33:02.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "JetNet Series",
              "vendor": "Korenix",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware older than 2024/01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "S. Dietz (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects JetNet devices older than firmware version 2024/01.\u003c/span\u003e"
                }
              ],
              "value": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-558",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-558 Replace Trusted Executable"
                }
              ]
            },
            {
              "capecId": "CAPEC-552",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-552 Install Rootkit"
                }
              ]
            },
            {
              "capecId": "CAPEC-642",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-642 Replace Binaries"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:10:00.840Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            },
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unauthenticated Firmware Upgrade",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "See:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.beijerelectronics.com/en/support/Help___online?docId=69947\"\u003ehttps://www.beijerelectronics.com/en/support/Help___online?docId=69947\u003c/a\u003e"
                }
              ],
              "value": "See:\u00a0 https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2023-5347",
        "datePublished": "2024-01-09T09:54:59.664Z",
        "dateReserved": "2023-10-03T08:11:00.343Z",
        "dateUpdated": "2025-10-08T09:10:00.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5376 (GCVE-0-2023-5376)

    Vulnerability from cvelistv5 – Published: 2024-01-09 09:44 – Updated: 2025-10-08 09:12
    VLAI
    Title
    TFTP Without Authentication
    Summary
    An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Korenix JetNet Series Affected: firmware older than 2024/01
    Create a notification for this product.
    Credits
    S. Dietz (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-14T15:27:48.719387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T15:28:15.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "JetNet Series",
              "vendor": "Korenix",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware older than 2024/01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "S. Dietz (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects JetNet devices older than firmware version 2024/01.\u003c/span\u003e"
                }
              ],
              "value": "An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service.\u00a0This issue affects JetNet devices older than firmware version 2024/01."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-08T09:12:42.388Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            },
            {
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "TFTP Without Authentication",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "See:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.beijerelectronics.com/en/support/Help___online?docId=69947\"\u003ehttps://www.beijerelectronics.com/en/support/Help___online?docId=69947\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "See:\u00a0 https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2023-5376",
        "datePublished": "2024-01-09T09:44:18.108Z",
        "dateReserved": "2023-10-04T09:30:19.108Z",
        "dateUpdated": "2025-10-08T09:12:42.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }