Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Firmware Upgrade
Vulnerability Description
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Korenix JetNet 2024/01 安全漏洞
Vulnerability Description
Korenix JetNet是科洛理思(Korenix)公司的一款工业5端口10 / 100Base-TX乙太网交换机。 Korenix JetNet 2024/01 之前固件版本存在安全漏洞,该漏洞源于在更新过程中的加密签名验证不正确,允许替换整个操作系统,包括可信可执行文件。
CVSS Information
N/A
Vulnerability Type
N/A