Vulnerabilities > Korenix

DATE CVE VULNERABILITY TITLE RISK
2019-03-12 CVE-2019-9725 Cross-site Scripting vulnerability in Korenix products
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.
network
low complexity
korenix CWE-79
6.1
2017-11-01 CVE-2017-14027 Use of Hard-coded Credentials vulnerability in Korenix products
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1.
network
low complexity
korenix CWE-798
critical
9.8
2017-11-01 CVE-2017-14021 Use of Hard-coded Credentials vulnerability in Korenix products
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1.
network
low complexity
korenix CWE-798
critical
9.8
2012-08-21 CVE-2012-4577 Credentials Management vulnerability in Korenix Jetport
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.
network
low complexity
korenix CWE-255
critical
10.0