CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7397 – Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2024-7397
Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7396 – Plaintext Communication
https://notcve.org/view.php?id=CVE-2024-7396
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7395 – Insufficient Authentication
https://notcve.org/view.php?id=CVE-2024-7395
An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2. Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities. • https://cyberdanube.com/de/en-multiple-vulnerabilities-in-korenix-jetport • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9725
https://notcve.org/view.php?id=CVE-2019-9725
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting. El gestor web (también conocido como Commander) en Korenix JetPort, en dispositivos con las versiones 5601 y 5601f, tiene Cross-Site Scripting (XSS) persistente mediante el campo "Port Alias" en el ajuste "Serial". • https://medium.com/%40bertinjoseb/korenix-jetport-web-manager-persistent-xss-6cf7e2a38634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2012-4577
https://notcve.org/view.php?id=CVE-2012-4577
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. La imagen del (firmware) de Linux en (1) en la serie de servidores (serial-device) Korenix Jetport 5600 y (2) en la serie de servidores (serial-device) ORing Industrial DIN-Rail tiene una contraseña codificada para la cuenta de (root) que permite a atacantes remotos obtener acceso con nivel administrativo a través de una sesión SSH. • http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02 http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02 http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity http://www.securityfocus.com/bid/55196 https://exchange.xforce.ibmcloud.com/vulnerabilities/77992 • CWE-255: Credentials Management Errors •