ByteOS Network

CVE Vulnerability Details :

CVE-2023-5347

PUBLISHED

More Info Official Page

Assigner-CyberDanube

Assigner Org ID-7d092a75-6bbd-48c6-a15a-0297458009bc

Published At-09 Jan, 2024 | 09:54

Updated At-08 Oct, 2025 | 09:10

▼CVE Numbering Authority (CNA)

Unauthenticated Firmware Upgrade

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Affected Products

Vendor

Korenix

Product

JetNet Series

Default Status

affected

Versions

Affected

firmware older than 2024/01

Problem Types

Type	CWE ID	Description
CWE	CWE-347	CWE-347 Improper Verification of Cryptographic Signature
CWE	CWE-327	CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Type: CWE

CWE ID: CWE-347

Description: CWE-347 Improper Verification of Cryptographic Signature

Type: CWE

CWE ID: CWE-327

Description: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Metrics

Version	Base score	Base severity	Vector
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impacts

CAPEC ID	Description
CAPEC-558	CAPEC-558 Replace Trusted Executable
CAPEC-552	CAPEC-552 Install Rootkit
CAPEC-642	CAPEC-642 Replace Binaries

CAPEC ID: CAPEC-558

Description: CAPEC-558 Replace Trusted Executable

CAPEC ID: CAPEC-552

Description: CAPEC-552 Install Rootkit

CAPEC ID: CAPEC-642

Description: CAPEC-642 Replace Binaries

Workarounds

See: https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Credits

finder

S. Dietz (CyberDanube)

References

Hyperlink	Resource
https://www.beijerelectronics.com/en/support/Help___online?docId=69947	N/A
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/	N/A
http://seclists.org/fulldisclosure/2024/Jan/11	N/A
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html	N/A

Hyperlink: https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Resource: N/A

Hyperlink: https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Jan/11

Resource: N/A

Hyperlink: http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.beijerelectronics.com/en/support/Help___online?docId=69947	x_transferred
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/	x_transferred
http://seclists.org/fulldisclosure/2024/Jan/11	x_transferred
http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html	x_transferred

Hyperlink: https://www.beijerelectronics.com/en/support/Help___online?docId=69947

Resource:

x_transferred

Hyperlink: https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2024/Jan/11

Resource:

x_transferred

Hyperlink: http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html

Resource:

x_transferred

2. CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References