CVE-2023-5376

high-risk
Published 2024-01-09

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (20)

Jetnet 5310G Firmware
Jetnet 4508 Firmware
Jetnet 4508I-W Firmware
Jetnet 4508-W Firmware
Jetnet 4508If-S Firmware
Jetnet 4508If-M Firmware
Jetnet 4508If-Sw Firmware
Jetnet 4508If-Mw Firmware
Jetnet 4508F-M Firmware
Jetnet 4508F-S Firmware
Jetnet 4508F-Mw Firmware
Jetnet 4508F-Sw Firmware
Jetnet 5620G-4C Firmware
Jetnet 5612Gp-4F Firmware
Jetnet 5612G-4F Firmware
Jetnet 5728G-24P-Ac-2Dc-Us Firmware
Jetnet 5728G-24P-Ac-2Dc-Eu Firmware
Jetnet 6528Gf-2Ac-Eu Firmware
Jetnet 6528Gf-2Ac-Us Firmware
Jetnet 6528Gf-2Dc24 Firmware

Affected Vendors

Korenix

References (8)

Exploit http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticate...
Exploit http://seclists.org/fulldisclosure/2024/Jan/11
Exploit https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/
Vendor Advisory https://www.beijerelectronics.com/en/support/Help___online?docId=69947
Exploit http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticate...
Exploit http://seclists.org/fulldisclosure/2024/Jan/11
Exploit https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/
Vendor Advisory https://www.beijerelectronics.com/en/support/Help___online?docId=69947
55
/ 100
high-risk
Severity 29/34 · Critical
Exploitability 1/34 · Minimal
Exposure 25/34 · High