PT-2017-3193 · Korenix · Jetnet6710G-Hvdc+7

Published: 2017-10-26 · Updated: 2024-01-17 · CVE-2017-14021

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Korenix JetNet JetNet5018G version 1.4
Korenix JetNet JetNet5310G version 1.4a
Korenix JetNet JetNet5428G-2G-2FX version 1.4
Korenix JetNet JetNet5628G-R version 1.4
Korenix JetNet JetNet5628G version 1.4
Korenix JetNet JetNet5728G-24P version 1.4
Korenix JetNet JetNet5828G version 1.1d
Korenix JetNet JetNet6710G-HVDC version 1.1e
Korenix JetNet JetNet6710G version 1.1

Description

A Use of Hard-coded Cryptographic Key issue was discovered, allowing an attacker to gain access to hard-coded certificates and private keys. This could enable the attacker to perform man-in-the-middle attacks. The vulnerability is related to the use of pre-installed credentials, which can be exploited by a remote attacker to gain access to the device.

Recommendations

Update the firmware to remove hard-coded cryptographic keys on each of the following products and versions:

Korenix JetNet JetNet5018G version 1.4
Korenix JetNet JetNet5310G version 1.4a
Korenix JetNet JetNet5428G-2G-2FX version 1.4
Korenix JetNet JetNet5628G-R version 1.4
Korenix JetNet JetNet5628G version 1.4
Korenix JetNet JetNet5728G-24P version 1.4
Korenix JetNet JetNet5828G version 1.1d
Korenix JetNet JetNet6710G-HVDC version 1.1e
Korenix JetNet JetNet6710G version 1.1

As a temporary workaround, consider disabling the use of hard-coded certificates and private keys until a patch is available. Restrict access to the device to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2017-02618
CVE-2017-14021

Affected Products

Jetnet5018G
Jetnet5310G
Jetnet5428G-2G-2Fx
Jetnet5628G-R
Jetnet5728G-24P
Jetnet5828G
Jetnet6710G
Jetnet6710G-Hvdc