CVE-2023-5347 : An Improper Verification of Cryptographic Signature vulnerability in the update

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Published 2024-01-09 10:15:23

Updated 2024-01-17 17:50:10

Source CyberDanube

View at NVD, CVE.org

Products affected by CVE-2023-5347

Korenix » Jetnet 5310g Firmware » Version: 2.6
cpe:2.3:o:korenix:jetnet_5310g_firmware:2.6:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 5310g » Version: N/A
Korenix » Jetnet 4508 Firmware » Version: 2.3
cpe:2.3:o:korenix:jetnet_4508_firmware:2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508 » Version: N/A
Korenix » Jetnet 4508i-w Firmware » Version: 1.3
cpe:2.3:o:korenix:jetnet_4508i-w_firmware:1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508i-w » Version: N/A
Korenix » Jetnet 4508-w Firmware » Version: 2.3
cpe:2.3:o:korenix:jetnet_4508-w_firmware:2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508-w » Version: N/A
Korenix » Jetnet 4508if-s Firmware » Version: 1.3
cpe:2.3:o:korenix:jetnet_4508if-s_firmware:1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508if-s » Version: N/A
Korenix » Jetnet 4508if-m Firmware » Version: 1.3
cpe:2.3:o:korenix:jetnet_4508if-m_firmware:1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508if-m » Version: N/A
Korenix » Jetnet 4508if-sw Firmware » Version: 1.3
cpe:2.3:o:korenix:jetnet_4508if-sw_firmware:1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508if-sw » Version: N/A
Korenix » Jetnet 4508if-mw Firmware » Version: 1.3
cpe:2.3:o:korenix:jetnet_4508if-mw_firmware:1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508if-mw » Version: N/A
Korenix » Jetnet 4508f-m Firmware » Version: 2.3
cpe:2.3:o:korenix:jetnet_4508f-m_firmware:2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508f-m » Version: N/A
Korenix » Jetnet 4508f-s Firmware » Version: 2.3
cpe:2.3:o:korenix:jetnet_4508f-s_firmware:2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508f-s » Version: N/A
Korenix » Jetnet 4508f-mw Firmware » Version: 2.3
cpe:2.3:o:korenix:jetnet_4508f-mw_firmware:2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508f-mw » Version: N/A
Korenix » Jetnet 4508f-sw Firmware » Version: 2.3
cpe:2.3:o:korenix:jetnet_4508f-sw_firmware:2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 4508f-sw » Version: N/A
Korenix » Jetnet 5620g-4c Firmware » Version: 1.1
cpe:2.3:o:korenix:jetnet_5620g-4c_firmware:1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 5620g-4c » Version: N/A
Korenix » Jetnet 5612gp-4f Firmware » Version: 1.2
cpe:2.3:o:korenix:jetnet_5612gp-4f_firmware:1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 5612gp-4f » Version: N/A
Korenix » Jetnet 5612g-4f Firmware » Version: 1.2
cpe:2.3:o:korenix:jetnet_5612g-4f_firmware:1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 5612g-4f » Version: N/A
Korenix » Jetnet 5728g-24p-ac-2dc-us Firmware » Version: 2.1
cpe:2.3:o:korenix:jetnet_5728g-24p-ac-2dc-us_firmware:2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 5728g-24p-ac-2dc-us » Version: N/A
Korenix » Jetnet 5728g-24p-ac-2dc-eu Firmware » Version: 2.1
cpe:2.3:o:korenix:jetnet_5728g-24p-ac-2dc-eu_firmware:2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 5728g-24p-ac-2dc-eu » Version: N/A
Korenix » Jetnet 6528gf-2ac-eu Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6528gf-2ac-eu_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6528gf-2ac-eu » Version: N/A
Korenix » Jetnet 6528gf-2ac-us Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6528gf-2ac-us_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6528gf-2ac-us » Version: N/A
Korenix » Jetnet 6528gf-2dc24 Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6528gf-2dc24_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6528gf-2dc24 » Version: N/A
Korenix » Jetnet 6528gf-2dc48 Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6528gf-2dc48_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6528gf-2dc48 » Version: N/A
Korenix » Jetnet 6528gf-ac-eu Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6528gf-ac-eu_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6528gf-ac-eu » Version: N/A
Korenix » Jetnet 6528gf-ac-us Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6528gf-ac-us_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6528gf-ac-us » Version: N/A
Korenix » Jetnet 6628xp-4f-us Firmware » Version: 1.1
cpe:2.3:o:korenix:jetnet_6628xp-4f-us_firmware:1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6628xp-4f-us » Version: N/A
Korenix » Jetnet 6628x-4f-eu Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6628x-4f-eu_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6628x-4f-eu » Version: N/A
Korenix » Jetnet 6728g-24p-ac-2dc-us Firmware » Version: 1.1
cpe:2.3:o:korenix:jetnet_6728g-24p-ac-2dc-us_firmware:1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6728g-24p-ac-2dc-us » Version: N/A
Korenix » Jetnet 6728g-24p-ac-2dc-eu Firmware » Version: 1.1
cpe:2.3:o:korenix:jetnet_6728g-24p-ac-2dc-eu_firmware:1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6728g-24p-ac-2dc-eu » Version: N/A
Korenix » Jetnet 6828gf-2dc48 Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-2dc48_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-2dc48 » Version: N/A
Korenix » Jetnet 6828gf-2dc24 Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-2dc24_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-2dc24 » Version: N/A
Korenix » Jetnet 6828gf-ac-dc24-us Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-ac-dc24-us_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-ac-dc24-us » Version: N/A
Korenix » Jetnet 6828gf-2ac-us Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-2ac-us_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-2ac-us » Version: N/A
Korenix » Jetnet 6828gf-ac-us Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-ac-us_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-ac-us » Version: N/A
Korenix » Jetnet 6828gf-2ac-au Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-2ac-au_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-2ac-au » Version: N/A
Korenix » Jetnet 6828gf-ac-dc24-eu Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-ac-dc24-eu_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-ac-dc24-eu » Version: N/A
Korenix » Jetnet 6828gf-2ac-eu Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6828gf-2ac-eu_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6828gf-2ac-eu » Version: N/A
Korenix » Jetnet 6910g-m12 Hvdc Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_6910g-m12_hvdc_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 6910g-m12 Hvdc » Version: N/A
Korenix » Jetnet 7310g-v2 Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_7310g-v2_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7310g-v2 » Version: N/A
Korenix » Jetnet 7628xp-4f-us Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_7628xp-4f-us_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7628xp-4f-us » Version: N/A
Korenix » Jetnet 7628xp-4f-us Firmware » Version: 1.1
cpe:2.3:o:korenix:jetnet_7628xp-4f-us_firmware:1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7628xp-4f-us » Version: N/A
Korenix » Jetnet 7628xp-4f-eu Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_7628xp-4f-eu_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7628xp-4f-eu » Version: N/A
Korenix » Jetnet 7628xp-4f-eu Firmware » Version: 1.1
cpe:2.3:o:korenix:jetnet_7628xp-4f-eu_firmware:1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7628xp-4f-eu » Version: N/A
Korenix » Jetnet 7628x-4f-us Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_7628x-4f-us_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7628x-4f-us » Version: N/A
Korenix » Jetnet 7628x-4f-eu Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_7628x-4f-eu_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7628x-4f-eu » Version: N/A
Korenix » Jetnet 7714g-m12 Hvdc Firmware » Version: 1.0
cpe:2.3:o:korenix:jetnet_7714g-m12_hvdc_firmware:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Korenix » Jetnet 7714g-m12 Hvdc » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-5347

EPSS FAQ

1.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-5347

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	3.9	5.2	NIST	2024-01-16
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	CyberDanube	2024-01-09
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-5347

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Assigned by:
- nvd@nist.gov (Primary)
- office@cyberdanube.com (Secondary)

References for CVE-2023-5347

https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

[EN] Multiple Vulnerabilities in Korenix JetNet Series - CyberDanube
Exploit;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html

Korenix JetNet Series Unauthenticated Access ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Help online - Beijer Electronics
Vendor Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2024/Jan/11

Full Disclosure: CyberDanube Security Research 20240109-0 | Multiple Vulnerabilities in JetNet Series
Exploit;Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-5347

Products affected by CVE-2023-5347

Exploit prediction scoring system (EPSS) score for CVE-2023-5347

CVSS scores for CVE-2023-5347

CWE ids for CVE-2023-5347

References for CVE-2023-5347