CVE-2020-12501

Published: 15/10/2020 Updated: 17/01/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Improper authorization vulnerability: Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

Vulnerable Product

pepperl-fuchs es7510-xt_firmware

pepperl-fuchs es8509-xt_firmware

pepperl-fuchs es8510-xt_firmware

pepperl-fuchs es9528-xtv2_firmware

pepperl-fuchs es7506_firmware

pepperl-fuchs es7510_firmware

pepperl-fuchs es7528_firmware

pepperl-fuchs es8508_firmware

pepperl-fuchs es8508f_firmware

pepperl-fuchs es8510_firmware

pepperl-fuchs es8510-xte_firmware

pepperl-fuchs es9528_firmware

pepperl-fuchs es9528-xt_firmware

korenix jetnet5428g-20sfp_firmware -

korenix jetnet5810g_firmware -

korenix jetnet4510_firmware -

korenix jetnet5010_firmware -

korenix jetnet5310_firmware -

korenix jetnet6095_firmware -

korenix jetnet4706_firmware -

korenix jetwave_3220_firmware -

korenix jetwave_2311_firmware -

korenix jetnet4706f_firmware -

korenix jetwave_2212s_firmware -

korenix jetwave_2212g_firmware -

korenix jetwave_2212x_firmware -

Exploits

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 609 ...

Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities ...

Korenix JetPort 5601V3 with firmware version 10 suffers from having default backdoor accounts. The vendor will not address the issue as they claim the secret cannot be cracked in a reasonable amount of time ...

Mailing Lists

Full Disclosure mailing list archives: SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products ...