CVE-2023-5347

CRITICAL

Korenix JetNet Series - Improper Verification of Cryptographic Signature

Title source: llm

Description

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html

Exploit, Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/11

Exploit, Third Party Advisory

https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

Vendor Advisory

https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Scores

CVSS v3 9.8

EPSS 0.0134

EPSS Percentile 67.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-327 CWE-347

Status published

Products (44)

korenix/jetnet_4508-w_firmware 2.3

korenix/jetnet_4508_firmware 2.3

korenix/jetnet_4508f-m_firmware 2.3

korenix/jetnet_4508f-mw_firmware 2.3

korenix/jetnet_4508f-s_firmware 2.3

korenix/jetnet_4508f-sw_firmware 2.3

korenix/jetnet_4508i-w_firmware 1.3

korenix/jetnet_4508if-m_firmware 1.3

korenix/jetnet_4508if-mw_firmware 1.3

korenix/jetnet_4508if-s_firmware 1.3

... and 34 more

Published Jan 09, 2024

Tracked Since Feb 18, 2026