CVE-2023-5347

Name of the Vulnerable Software and Affected Versions Korenix JetNet Series versions prior to 2024/01

Description The issue is related to an Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series devices. This vulnerability can be exploited by a remote attacker to replace the whole operating system, including Trusted Executables, by sending specially crafted UDP packets to port 5010.

Recommendations For versions prior to 2024/01, update the firmware to version 2024/01 or later to resolve the issue. As a temporary workaround, consider restricting access to the update process and port 5010 to minimize the risk of exploitation.