CVE-2023-5376

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Jan/11	Exploit Mailing List Third Party Advisory
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/	Exploit Third Party Advisory
https://www.beijerelectronics.com/en/support/Help___online?docId=69947	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:korenix:jetnet_5310g_firmware:2.6:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508_firmware:2.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508i-w_firmware:1.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508i-w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508-w_firmware:2.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508-w:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508if-s_firmware:1.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508if-s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508if-m_firmware:1.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508if-m:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508if-sw_firmware:1.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508if-sw:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508if-mw_firmware:1.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508if-mw:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508f-m_firmware:2.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508f-m:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508f-s_firmware:2.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508f-s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508f-mw_firmware:2.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508f-mw:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:korenix:jetnet_4508f-sw_firmware:2.3:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_4508f-sw:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:korenix:jetnet_5620g-4c_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_5620g-4c:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:korenix:jetnet_5612gp-4f_firmware:1.2:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_5612gp-4f:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:korenix:jetnet_5612g-4f_firmware:1.2:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_5612g-4f:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:korenix:jetnet_5728g-24p-ac-2dc-us_firmware:2.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_5728g-24p-ac-2dc-us:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:korenix:jetnet_5728g-24p-ac-2dc-eu_firmware:2.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_5728g-24p-ac-2dc-eu:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:korenix:jetnet_6528gf-2ac-eu_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6528gf-2ac-eu:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:korenix:jetnet_6528gf-2ac-us_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6528gf-2ac-us:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:korenix:jetnet_6528gf-2dc24_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6528gf-2dc24:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:korenix:jetnet_6528gf-2dc48_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6528gf-2dc48:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:korenix:jetnet_6528gf-ac-eu_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6528gf-ac-eu:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:korenix:jetnet_6528gf-ac-us_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6528gf-ac-us:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:korenix:jetnet_6628xp-4f-us_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6628xp-4f-us:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:korenix:jetnet_6628x-4f-eu_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6628x-4f-eu:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:korenix:jetnet_6728g-24p-ac-2dc-us_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6728g-24p-ac-2dc-us:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:korenix:jetnet_6728g-24p-ac-2dc-eu_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6728g-24p-ac-2dc-eu:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-2dc48_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-2dc48:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-2dc24_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-2dc24:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-ac-dc24-us_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-ac-dc24-us:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-2ac-us_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-2ac-us:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-ac-us_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-ac-us:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-2ac-au_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-2ac-au:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-ac-dc24-eu_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-ac-dc24-eu:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:korenix:jetnet_6828gf-2ac-eu_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6828gf-2ac-eu:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:korenix:jetnet_6910g-m12_hvdc_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_6910g-m12_hvdc:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:korenix:jetnet_7310g-v2_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7310g-v2:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:korenix:jetnet_7628xp-4f-us_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7628xp-4f-us:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:korenix:jetnet_7628xp-4f-us_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7628xp-4f-us:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:korenix:jetnet_7628xp-4f-eu_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7628xp-4f-eu:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:korenix:jetnet_7628xp-4f-eu_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7628xp-4f-eu:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:korenix:jetnet_7628x-4f-us_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7628x-4f-us:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:korenix:jetnet_7628x-4f-eu_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7628x-4f-eu:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:korenix:jetnet_7714g-m12_hvdc_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:korenix:jetnet_7714g-m12_hvdc:-:*:*:*:*:*:*:*

History

17 Jan 2024, 17:46

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-09 10:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-5376

Mitre link : CVE-2023-5376

CVE.ORG link : CVE-2023-5376

JSON object : View

Products Affected

korenix

jetnet_5728g-24p-ac-2dc-us
jetnet_6828gf-ac-us
jetnet_5620g-4c
jetnet_6828gf-ac-dc24-us
jetnet_6628xp-4f-us_firmware
jetnet_6828gf-2dc48
jetnet_6528gf-2ac-us
jetnet_4508f-sw_firmware
jetnet_6728g-24p-ac-2dc-us
jetnet_4508_firmware
jetnet_6528gf-ac-us_firmware
jetnet_4508
jetnet_6528gf-2ac-eu_firmware
jetnet_6728g-24p-ac-2dc-eu_firmware
jetnet_5728g-24p-ac-2dc-us_firmware
jetnet_4508f-s_firmware
jetnet_6728g-24p-ac-2dc-us_firmware
jetnet_4508f-s
jetnet_4508-w
jetnet_6528gf-ac-eu_firmware
jetnet_6828gf-2ac-us_firmware
jetnet_5310g_firmware
jetnet_6628xp-4f-us
jetnet_6528gf-ac-us
jetnet_6910g-m12_hvdc_firmware
jetnet_4508f-mw_firmware
jetnet_7628xp-4f-us_firmware
jetnet_4508f-m
jetnet_6528gf-2dc48
jetnet_6828gf-2ac-eu
jetnet_7628xp-4f-eu
jetnet_5620g-4c_firmware
jetnet_7714g-m12_hvdc
jetnet_7628x-4f-us
jetnet_6828gf-2dc24_firmware
jetnet_6528gf-2ac-us_firmware
jetnet_6528gf-ac-eu
jetnet_4508if-sw
jetnet_6528gf-2dc24
jetnet_6828gf-2ac-eu_firmware
jetnet_7628x-4f-eu_firmware
jetnet_6628x-4f-eu_firmware
jetnet_6828gf-ac-dc24-eu
jetnet_6828gf-2dc48_firmware
jetnet_5612g-4f
jetnet_7310g-v2_firmware
jetnet_5612gp-4f_firmware
jetnet_6828gf-2ac-us
jetnet_6828gf-2ac-au_firmware
jetnet_6528gf-2dc24_firmware
jetnet_6528gf-2dc48_firmware
jetnet_4508if-s_firmware
jetnet_6828gf-2dc24
jetnet_5612gp-4f
jetnet_6528gf-2ac-eu
jetnet_4508if-mw
jetnet_4508if-s
jetnet_5310g
jetnet_4508f-mw
jetnet_7628xp-4f-us
jetnet_5728g-24p-ac-2dc-eu_firmware
jetnet_7628x-4f-us_firmware
jetnet_4508f-sw
jetnet_4508f-m_firmware
jetnet_4508if-mw_firmware
jetnet_5728g-24p-ac-2dc-eu
jetnet_6628x-4f-eu
jetnet_5612g-4f_firmware
jetnet_7628xp-4f-eu_firmware
jetnet_6910g-m12_hvdc
jetnet_6728g-24p-ac-2dc-eu
jetnet_6828gf-2ac-au
jetnet_4508i-w_firmware
jetnet_4508if-m
jetnet_4508if-sw_firmware
jetnet_4508-w_firmware
jetnet_7714g-m12_hvdc_firmware
jetnet_7310g-v2
jetnet_6828gf-ac-us_firmware
jetnet_7628x-4f-eu
jetnet_6828gf-ac-dc24-eu_firmware
jetnet_4508if-m_firmware
jetnet_6828gf-ac-dc24-us_firmware
jetnet_4508i-w

CWE

CWE-287

Improper Authentication

9.1 /10