A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00078.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a Korenix JetNet affected
Version Status Constraints
Korenix JetNet affected

Configuration 1 [-]

AND
cpe:2.3:o:korenix:jetnet5018g_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:korenix:jetnet5310g_firmware:1.4a:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:korenix:jetnet5428g-2g-2fx_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:korenix:jetnet5628g_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:korenix:jetnet5628g-r_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:korenix:jetnet5728g-24p_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:korenix:jetnet5828g_firmware:1.1d:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:korenix:jetnet6710g_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:korenix:jetnet6710g-hvdc_firmware:11e:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Korenix Subscribe
Jetnet5018g Firmware Subscribe
Jetnet5310g Firmware Subscribe
Jetnet5428g-2g-2fx Firmware Subscribe
Jetnet5628g-r Firmware Subscribe
Jetnet5628g Firmware Subscribe
Jetnet5728g-24p Firmware Subscribe
Jetnet5828g Firmware Subscribe
Jetnet6710g-hvdc Firmware Subscribe
Jetnet6710g Firmware Subscribe
Jetnet 5018g Subscribe
Jetnet 5310g Subscribe
Jetnet 5428g-2g-2fx Subscribe
Jetnet 5628g Subscribe
Jetnet 5628g-r Subscribe
Jetnet 5728g-24p Subscribe
Jetnet 5828g Subscribe
Jetnet 6710g Subscribe
Jetnet 6710g-hvdc Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.securityfocus.com/bid/101598 cve-icon cve-icon
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-08-05T19:13:41.597Z

Reserved: 2017-08-30T00:00:00

Link: CVE-2017-14021

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-11-01T02:29:00.210

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-14021

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses