Vulnerabilities > Korenix

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-01-09 | CVE-2023-5347 | Improper Verification of Cryptographic Signature vulnerability in Korenix products | An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. | network | low complexity | korenix | CWE-347 | critical 9.1 |
| 2024-01-09 | CVE-2023-5376 | Improper Authentication vulnerability in Korenix products | An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. | network | low complexity | korenix | CWE-287 | critical 9.1 |
| 2023-02-23 | CVE-2023-23294 | Command Injection vulnerability in Korenix products | Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. | network | low complexity | korenix | CWE-77 | 8.8 |
| 2023-02-23 | CVE-2023-23295 | Command Injection vulnerability in Korenix products | Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. | network | low complexity | korenix | CWE-77 | 8.8 |
| 2023-02-23 | CVE-2023-23296 | Resource Exhaustion vulnerability in Korenix products | Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. | network | low complexity | korenix | CWE-400 | 6.5 |
| 2022-02-06 | CVE-2021-39280 | Unspecified vulnerability in Korenix products | Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. | network | low complexity | korenix | | critical 9.0 |
| 2020-10-15 | CVE-2020-12504 | Hidden Functionality vulnerability in multiple products | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | network | low complexity | pepperl-fuchs korenix westermo | CWE-912 | 7.5 |
| 2020-10-15 | CVE-2020-12503 | Incorrect Authorization vulnerability in multiple products | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. | network | low complexity | pepperl-fuchs korenix | CWE-863 | 6.5 |
| 2020-10-15 | CVE-2020-12502 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. | | | | | 6.8 |
| 2020-10-15 | CVE-2020-12501 | Use of Hard-coded Credentials vulnerability in multiple products | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. | network | low complexity | pepperl-fuchs korenix | CWE-798 | critical 9.8 |