PT-2019-19823 · Korenix · Korenix Jetport

Published

2019-03-12

Updated

2019-03-13

CVE-2019-9725

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Korenix JetPort versions 5601 and 5601f

Description The issue concerns a Persistent XSS vulnerability in the Web manager (also known as Commander) of Korenix JetPort devices. This vulnerability is specifically found in the Port Alias field under Serial Setting, allowing for malicious input to be stored and executed.

Recommendations For Korenix JetPort 5601 and 5601f devices, avoid using the Port Alias field under Serial Setting until a fix is available. As a temporary workaround, consider restricting access to the Web manager to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-9725

Affected Products

Korenix Jetport

PT-2019-19823 · Korenix · Korenix Jetport

CVE-2019-9725

Weakness Enumeration

Related Identifiers

Affected Products

References · 3