Filtered by vendor Korenix Subscriptions
Total 18 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-11303 1 Korenix 1 Jetport 5601 2024-11-21 N/A
The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2.
CVE-2023-5376 1 Korenix 84 Jetnet 4508, Jetnet 4508-w, Jetnet 4508-w Firmware and 81 more 2024-11-21 8.6 High
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
CVE-2023-5347 1 Korenix 84 Jetnet 4508, Jetnet 4508-w, Jetnet 4508-w Firmware and 81 more 2024-11-21 9.8 Critical
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
CVE-2023-23296 1 Korenix 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more 2024-11-21 6.5 Medium
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
CVE-2023-23295 1 Korenix 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more 2024-11-21 8.8 High
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
CVE-2023-23294 1 Korenix 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more 2024-11-21 8.8 High
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
CVE-2021-39280 1 Korenix 12 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 9 more 2024-11-21 8.8 High
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31.
CVE-2020-12504 3 Korenix, Pepperl-fuchs, Westermo 58 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 55 more 2024-11-21 9.8 Critical
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
CVE-2020-12503 2 Korenix, Pepperl-fuchs 56 Jetnet 4510, Jetnet 4510 Firmware, Jetnet 4706 and 53 more 2024-11-21 7.2 High
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
CVE-2020-12502 2 Korenix, Pepperl-fuchs 46 Jetnet 4510, Jetnet 4510 Firmware, Jetnet 4706 and 43 more 2024-11-21 8.8 High
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
CVE-2020-12501 2 Korenix, Pepperl-fuchs 52 Jetnet4510 Firmware, Jetnet4706 Firmware, Jetnet4706f Firmware and 49 more 2024-11-21 9.8 Critical
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
CVE-2019-9725 1 Korenix 5 Jetport 5601, Jetport 5601 Firmware, Jetport 5601f and 2 more 2024-11-21 N/A
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.
CVE-2017-14027 1 Korenix 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more 2024-11-21 N/A
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.
CVE-2017-14021 1 Korenix 18 Jetnet5018g Firmware, Jetnet5310g Firmware, Jetnet5428g-2g-2fx Firmware and 15 more 2024-11-21 N/A
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.
CVE-2012-4577 1 Korenix 1 Jetport 2024-11-21 N/A
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.
CVE-2024-7396 1 Korenix 1 Jetport 5601v3 2024-09-03 N/A
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.
CVE-2024-7395 1 Korenix 1 Jetport 5601 2024-08-07 N/A
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2.
CVE-2024-7397 1 Korenix 1 Jetport5601v3 2024-08-06 N/A
Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2.