CVE-2023-5347

high-risk

Published 2024-01-09

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Jetnet 5310G Firmware

Jetnet 4508 Firmware

Jetnet 4508I-W Firmware

Jetnet 4508-W Firmware

Jetnet 4508If-S Firmware

Jetnet 4508If-M Firmware

Jetnet 4508If-Sw Firmware

Jetnet 4508If-Mw Firmware

Jetnet 4508F-M Firmware

Jetnet 4508F-S Firmware

Jetnet 4508F-Mw Firmware

Jetnet 4508F-Sw Firmware

Jetnet 5620G-4C Firmware

Jetnet 5612Gp-4F Firmware

Jetnet 5612G-4F Firmware

Jetnet 5728G-24P-Ac-2Dc-Us Firmware

Jetnet 5728G-24P-Ac-2Dc-Eu Firmware

Jetnet 6528Gf-2Ac-Eu Firmware

Jetnet 6528Gf-2Ac-Us Firmware

Jetnet 6528Gf-2Dc24 Firmware

Affected Vendors

Korenix

References (8)

Exploit http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticate...

Exploit http://seclists.org/fulldisclosure/2024/Jan/11

Exploit https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

Vendor Advisory https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Exploit http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticate...

Exploit http://seclists.org/fulldisclosure/2024/Jan/11

Exploit https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

Vendor Advisory https://www.beijerelectronics.com/en/support/Help___online?docId=69947

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 25/34 · High