Vulnerabilities > Korenix > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2023-02-23 | CVE-2023-23296 | Resource Exhaustion vulnerability in Korenix products | network, low complexity, korenix, CWE-400, 6.5
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.

2020-10-15 | CVE-2020-12503 | Incorrect Authorization vulnerability in multiple products | network, low complexity, pepperl-fuchs korenix, CWE-863, 6.5
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.

2020-10-15 | CVE-2020-12502 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | 6.8
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.

2019-03-12 | CVE-2019-9725 | Cross-site Scripting vulnerability in Korenix products | network, low complexity, korenix, CWE-79, 6.1
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.