CVE-2024-11303 – Path Traversal
https://notcve.org/view.php?id=CVE-2024-11303
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal. This issue affects JetPort 5601: through 1.2. Korenix JetPort 5601 version 1.2 suffers from a path traversal vulnerability. • https://cyberdanube.com/en/en-st-polten-uas-path-traversal-in-korenix-jetport • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7397 – Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2024-7397
Improper filtering of special characters results in a command injection vulnerability in Korenix JetPort 5601v3. This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-7396 – Plaintext Communication
https://notcve.org/view.php?id=CVE-2024-7396
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping. This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport • CWE-311: Missing Encryption of Sensitive Data
CVE-2024-7395 – Insufficient Authentication
https://notcve.org/view.php?id=CVE-2024-7395
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password. This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport • CWE-287: Improper Authentication
CVE-2023-5347 – Unauthenticated Firmware Upgrade
https://notcve.org/view.php?id=CVE-2023-5347
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades. • http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html http://seclists.org/fulldisclosure/2024/Jan/11 https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series https://www.beijerelectronics.com/en/support/Help___online?docId=69947 • CWE-347: Improper Verification of Cryptographic Signature