CVSS: 9.1EPSS: 0%CPEs: 88EXPL: 3CVE-2023-5376 – TFTP Without Authentication
https://notcve.org/view.php?id=CVE-2023-5376
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. Una vulnerabilidad de autenticación incorrecta en Korenix JetNet TFTP permite el abuso de este servicio. Este problema afecta a los dispositivos JetNet anteriores a la versión de firmware 2024/01. Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades. • http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html http://seclists.org/fulldisclosure/2024/Jan/11 https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series https://www.beijerelectronics.com/en/support/Help___online?docId=69947 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 1CVE-2023-23295
https://notcve.org/view.php?id=CVE-2023-23295
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 1CVE-2023-23296
https://notcve.org/view.php?id=CVE-2023-23296
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 1CVE-2023-23294
https://notcve.org/view.php?id=CVE-2023-23294
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2021-39280 – Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
https://notcve.org/view.php?id=CVE-2021-39280
Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. Algunos dispositivos Korenix JetWave permiten a usuarios autenticados ejecutar código arbitrario como root por medio del archivo /syscmd.asp. Esto afecta al 2212X versiones anteriores a 1.9.1, al 2212S versiones anteriores a 1.9.1, al 2212G versiones anteriores a 1.8, al 3220 V3 versiones anteriores a 1.5.1, al 3420 V3 versiones anteriores a 1.5.1 y al 2311 hasta el 31-01-2022 Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities. • http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html https://www.korenix.com/en/product/search.aspx?kw=JetWave •