CVSS: 8.7EPSS: 15%CPEs: 1EXPL: 2CVE-2024-11303 – Path Traversal
https://notcve.org/view.php?id=CVE-2024-11303
18 Nov 2024 — The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2. La vulnerabilidad de ruta del directorio raíz a un directorio restringido ('Path Traversal') en Korenix JetPort 5601 permite Path Traversal. Este problema afecta a JetPort 5601: hasta 1.2. Korenix JetPort 5601 version 1.2 suffers from a path traversal vulnerability. • https://packetstorm.news/files/id/182760 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2024-7397 – Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2024-7397
05 Aug 2024 — Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://packetstorm.news/files/id/179922 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7396 – Plaintext Communication
https://notcve.org/view.php?id=CVE-2024-7396
05 Aug 2024 — Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://packetstorm.news/files/id/179922 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7395 – Insufficient Authentication
https://notcve.org/view.php?id=CVE-2024-7395
05 Aug 2024 — An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://packetstorm.news/files/id/179922 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 88EXPL: 4CVE-2023-5347 – Unauthenticated Firmware Upgrade
https://notcve.org/view.php?id=CVE-2023-5347
09 Jan 2024 — An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. Una vulnerabilidad de verificación incorrecta de la firma criptográfica en el proceso de actualización de Korenix JetNet Series permite reemplazar todo el sistema operativo, incluidos los ejecutables confiables. Este problema afecta a los dispositivos J... • https://packetstorm.news/files/id/176550 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.4EPSS: 0%CPEs: 88EXPL: 4CVE-2023-5376 – TFTP Without Authentication
https://notcve.org/view.php?id=CVE-2023-5376
09 Jan 2024 — An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. Una vulnerabilidad de autenticación incorrecta en Korenix JetNet TFTP permite el abuso de este servicio. Este problema afecta a los dispositivos JetNet anteriores a la versión de firmware 2024/01. An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. • https://packetstorm.news/files/id/176550 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 1%CPEs: 30EXPL: 1CVE-2023-23294
https://notcve.org/view.php?id=CVE-2023-23294
23 Feb 2023 — Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 30EXPL: 1CVE-2023-23295
https://notcve.org/view.php?id=CVE-2023-23295
23 Feb 2023 — Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 1CVE-2023-23296
https://notcve.org/view.php?id=CVE-2023-23296
23 Feb 2023 — Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 1CVE-2021-39280 – Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
https://notcve.org/view.php?id=CVE-2021-39280
04 Feb 2022 — Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. Algunos dispositivos Korenix JetWave permiten a usuarios autenticados ejecutar código arbitrario como root por medio del archivo /syscmd.asp. Esto afecta al 2212X versiones anteriores a 1.9.1, al 2212S versiones anteriores a 1.9.1, al 2212G versiones anterior... • https://packetstorm.news/files/id/165875 •