CVE-2017-14021
01.11.2017, 02:29
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.Enginsight
| Vendor | Product | Version |
|---|---|---|
| korenix | jetnet5018g_firmware | 1.4 |
| korenix | jetnet5310g_firmware | 1.4a:a |
| korenix | jetnet5428g-2g-2fx_firmware | 1.4 |
| korenix | jetnet5628g_firmware | 1.4 |
| korenix | jetnet5628g-r_firmware | 1.4 |
| korenix | jetnet5728g-24p_firmware | 1.4 |
| korenix | jetnet5828g_firmware | 1.1d:d |
| korenix | jetnet6710g_firmware | 1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-321 - Use of Hard-coded Cryptographic KeyThe use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.