CVSS: 9.8EPSS: 0%CPEs: 88EXPL: 4CVE-2023-5347 – Unauthenticated Firmware Upgrade
https://notcve.org/view.php?id=CVE-2023-5347
09 Jan 2024 — An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. Una vulnerabilidad de verificación incorrecta de la firma criptográfica en el proceso de actualización de Korenix JetNet Series permite reemplazar todo el sistema operativo, incluidos los ejecutables confiables. Este problema afecta a los dispositivos J... • https://packetstorm.news/files/id/176550 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.4EPSS: 0%CPEs: 88EXPL: 4CVE-2023-5376 – TFTP Without Authentication
https://notcve.org/view.php?id=CVE-2023-5376
09 Jan 2024 — An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. Una vulnerabilidad de autenticación incorrecta en Korenix JetNet TFTP permite el abuso de este servicio. Este problema afecta a los dispositivos JetNet anteriores a la versión de firmware 2024/01. An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. • https://packetstorm.news/files/id/176550 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •