Korenix JetNet Series Unauthenticated CVE-2023-5376, CVE-2023-5347 Exploit

Korenix JetNet Series Unauthenticated CVE-2023-5376, CVE-2023-5347 Exploit

vtxt by Prapattimynk

Korenix Technology, a Beijer group company within the Industrial Communicationbusiness area, isa global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and W

Android Android 5.0Exploits And POCs
( 71 ratings )
Price: $0
File CVE-2023-5376, CVE-2023-5347 Exploit
Publisher Prapattimynk
Genre Exploits And POCs
Size 8KB
File Type txt
Os All
Mod Version txt
Report Report
CVE-2023-5376, CVE-2023-5347 Exploit is the most famous version in the CVE-2023-5376, CVE-2023-5347 Exploit series of publisher

"Korenix Technology, a Beijer group company within the Industrial Communication

business area, isa global leading manufacturer providing innovative, market-

oriented, value-focused Industrial Wired and Wireless Networking Solutions.

With decades of experiences inthe industry, we have developed various product

lines [...].

Our products are mainly applied inSMART industries: Surveillance, Machine-to-

Machine, Automation, Remote Monitoring, and Transportation. Worldwide customer

basecovers different Sales channels, including end-customers, OEMs, system

integrators, and brand label partners. [...]"

Source: https://www.korenix.com/en/about/index.aspx?kind=3

Vulnerable versions


Tested on emulated Korenix JetNet 5310G / v2.6

All vulnerable models/versions according to vendor:

JetNet 4508 (4508i-w V1.3, 4508 V2.3, 4508-w V2.3)

JetNet 4508f, 4508if (4508if-s V1.3,4508if-m V1.3, 4508if-sw V1.3,

       4508if-mw V1.3, 4508f-m V2.3, 4508f-s V2.3, 4508f-mw V2.3,

       4508f-sw V2.3)

JetNet 5620G-4C V1.1

JetNet 5612GP-4F V1.2

JetNet 5612G-4F V1.2

JetNet 5728G (5728G-24P-AC-2DC-US V2.1, 5728G-24P-AC-2DC-EU V2.0)

JetNet 528Gf (6528Gf-2AC-EU V1.0, 6528Gf-2AC-US V1.0, 6528Gf-2DC24 V1.0,

       6528Gf-2DC48 V1.0, 6528Gf-AC-EU V1.0, 6528Gf-AC-US V1.0)

JetNet 6628XP-4F-US V1.1

JetNet 6628X-4F-EU V1.0

JetNet 6728G (6728G-24P-AC-2DC-US V1.1, 6728G-24P-AC-2DC-EU V1.1)

JetNet 6828Gf (6828Gf-2DC48 V1.0, 6828Gf-2DC24 V1.0, 6828Gf-AC-DC24-US V1.0,

       6828Gf-2AC-US V1.0, 6828Gf-AC-US V1.0, 6828Gf-2AC-AU V1.0,

       6828Gf-AC-DC24-EU V1.0, 6828Gf-2AC-EU V1.0)

JetNet 6910G-M12 HVDC V1.0

JetNet 7310G-V2 2.0

JetNet 7628XP-4F-US V1.0, 7628XP-4F-US V1.1, 7628XP-4F-EU V1.0,

       7628XP-4F-EU V1.1

JetNet 7628X-4F-US V1.0, 7628X-4F-EU V1.0

JetNet 7714G-M12 HVDC V1.0

Vulnerability overview


1) TFTP Without Authentication (CVE-2023-5376)

The available tftp service isaccessable without user authentication. This

allows the user to upload and download files to the restricted "/home"folder.

2) Unauthenticated Firmware Upgrade (CVE-2023-5347)

A critical security vulnerability has been identified that may allow an

unauthenticated attacker to compromise the integrity of a device or cause a

denial of service (DoS) condition. This vulnerability resides inthe firmware

upgrade process of the affected system.

Recommended for You

You may also like


Your email address will not be published. Required fields are marked *

Next Post X
Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.