PT-2017-3192 · Korenix · Jetnet6710G-Hvdc+7
Published
2017-10-26
·
Updated
2024-01-17
·
CVE-2017-14027
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Korenix JetNet5018G version 1.4
Korenix JetNet5310G version 1.4a
Korenix JetNet5428G-2G-2FX version 1.4
Korenix JetNet5628G-R version 1.4
Korenix JetNet5628G version 1.4
Korenix JetNet5728G-24P version 1.4
Korenix JetNet5828G version 1.1d
Korenix JetNet6710G-HVDC version 1.1e
Korenix JetNet6710G version 1.1
Description
The issue is related to the use of hard-coded credentials in the software of Korenix switches. This may allow a remote attacker to gain access to the device. The software uses undocumented hard-coded credentials.
Recommendations
For Korenix JetNet5018G version 1.4, consider changing the default credentials to prevent unauthorized access.
For Korenix JetNet5310G version 1.4a, update the configuration to use unique and secure credentials.
For Korenix JetNet5428G-2G-2FX version 1.4, restrict access to the device until secure credentials can be implemented.
For Korenix JetNet5628G-R version 1.4, change the hard-coded credentials to secure ones.
For Korenix JetNet5628G version 1.4, avoid using default credentials and use secure authentication methods instead.
For Korenix JetNet5728G-24P version 1.4, disable remote access until secure credentials are configured.
For Korenix JetNet5828G version 1.1d, update the device configuration to remove hard-coded credentials.
For Korenix JetNet6710G-HVDC version 1.1e, use secure authentication methods to prevent unauthorized access.
For Korenix JetNet6710G version 1.1, consider implementing additional security measures to protect against remote attacks.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jetnet5018G
Jetnet5310G
Jetnet5428G-2G-2Fx
Jetnet5628G-R
Jetnet5728G-24P
Jetnet5828G
Jetnet6710G
Jetnet6710G-Hvdc