A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00233.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Korenix Subscribe
Jetnet5018g Firmware Subscribe
Jetnet5310g Firmware Subscribe
Jetnet5428g-2g-2fx Firmware Subscribe
Jetnet5628g-r Firmware Subscribe
Jetnet5628g Firmware Subscribe
Jetnet5728g-24p Firmware Subscribe
Jetnet5828g Firmware Subscribe
Jetnet6710g-hvdc Firmware Subscribe
Jetnet6710g Firmware Subscribe
Jetnet 5018g Subscribe
Jetnet 5310g Subscribe
Jetnet 5428g-2g-2fx Subscribe
Jetnet 5628g Subscribe
Jetnet 5628g-r Subscribe
Jetnet 5728g-24p Subscribe
Jetnet 5828g Subscribe
Jetnet 6710g Subscribe
Jetnet 6710g-hvdc Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:korenix:jetnet5018g_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:korenix:jetnet5310g_firmware:1.4a:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:korenix:jetnet5428g-2g-2fx_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:korenix:jetnet5628g_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:korenix:jetnet5628g-r_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:korenix:jetnet5728g-24p_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:korenix:jetnet5828g_firmware:1.1d:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:korenix:jetnet6710g_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:korenix:jetnet6710g-hvdc_firmware:11e:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.securityfocus.com/bid/101598 cve-icon cve-icon
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 cve-icon cve-icon
History

Thu, 14 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-11-14T20:01:39.797Z

Reserved: 2017-08-30T00:00:00

Link: CVE-2017-14027

cve-icon Vulnrichment

Updated: 2024-08-05T19:13:41.683Z

cve-icon NVD

Status : Deferred

Published: 2017-11-01T02:29:00.257

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-14027

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses