Korenix Security Vulnerabilities

CVE-2024-2371

Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve...

CVE-2023-5376

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version...

CVE-2017-14027

A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and...

CVE-2023-5347

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version...

CVE-2017-14021

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e,.....

CVE-2020-12501

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented...

CVE-2019-9725

The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial...

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as...

CVE-2023-23294

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as...

CVE-2023-23296

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via...

CVE-2021-39280

Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through...

CVE-2020-12500

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device...

CVE-2020-12502

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone...

CVE-2020-12503

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone...

CVE-2020-12504

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an...

CVE-2012-4577

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH...