CVE-2023-5347

CRITICAL
Published Jan 9, 2024 Modified Oct 8, 2025 CWE-327 CWE-347

Description

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Is your site exposed to CVE-2023-5347?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-327 CWE-327
CWE-347 CWE-347

Affected Products

Vendor Product
korenix jetnet_5310g_firmware
korenix jetnet_5310g
korenix jetnet_4508_firmware
korenix jetnet_4508
korenix jetnet_4508i-w_firmware
korenix jetnet_4508i-w
korenix jetnet_4508-w_firmware
korenix jetnet_4508-w
korenix jetnet_4508if-s_firmware
korenix jetnet_4508if-s
korenix jetnet_4508if-m_firmware
korenix jetnet_4508if-m
korenix jetnet_4508if-sw_firmware
korenix jetnet_4508if-sw
korenix jetnet_4508if-mw_firmware
korenix jetnet_4508if-mw
korenix jetnet_4508f-m_firmware
korenix jetnet_4508f-m
korenix jetnet_4508f-s_firmware
korenix jetnet_4508f-s
korenix jetnet_4508f-mw_firmware
korenix jetnet_4508f-mw
korenix jetnet_4508f-sw_firmware
korenix jetnet_4508f-sw
korenix jetnet_5620g-4c_firmware
korenix jetnet_5620g-4c
korenix jetnet_5612gp-4f_firmware
korenix jetnet_5612gp-4f
korenix jetnet_5612g-4f_firmware
korenix jetnet_5612g-4f
korenix jetnet_5728g-24p-ac-2dc-us_firmware
korenix jetnet_5728g-24p-ac-2dc-us
korenix jetnet_5728g-24p-ac-2dc-eu_firmware
korenix jetnet_5728g-24p-ac-2dc-eu
korenix jetnet_6528gf-2ac-eu_firmware
korenix jetnet_6528gf-2ac-eu
korenix jetnet_6528gf-2ac-us_firmware
korenix jetnet_6528gf-2ac-us
korenix jetnet_6528gf-2dc24_firmware
korenix jetnet_6528gf-2dc24
korenix jetnet_6528gf-2dc48_firmware
korenix jetnet_6528gf-2dc48
korenix jetnet_6528gf-ac-eu_firmware
korenix jetnet_6528gf-ac-eu
korenix jetnet_6528gf-ac-us_firmware
korenix jetnet_6528gf-ac-us
korenix jetnet_6628xp-4f-us_firmware
korenix jetnet_6628xp-4f-us
korenix jetnet_6628x-4f-eu_firmware
korenix jetnet_6628x-4f-eu
korenix jetnet_6728g-24p-ac-2dc-us_firmware
korenix jetnet_6728g-24p-ac-2dc-us
korenix jetnet_6728g-24p-ac-2dc-eu_firmware
korenix jetnet_6728g-24p-ac-2dc-eu
korenix jetnet_6828gf-2dc48_firmware
korenix jetnet_6828gf-2dc48
korenix jetnet_6828gf-2dc24_firmware
korenix jetnet_6828gf-2dc24
korenix jetnet_6828gf-ac-dc24-us_firmware
korenix jetnet_6828gf-ac-dc24-us
korenix jetnet_6828gf-2ac-us_firmware
korenix jetnet_6828gf-2ac-us
korenix jetnet_6828gf-ac-us_firmware
korenix jetnet_6828gf-ac-us
korenix jetnet_6828gf-2ac-au_firmware
korenix jetnet_6828gf-2ac-au
korenix jetnet_6828gf-ac-dc24-eu_firmware
korenix jetnet_6828gf-ac-dc24-eu
korenix jetnet_6828gf-2ac-eu_firmware
korenix jetnet_6828gf-2ac-eu
korenix jetnet_6910g-m12_hvdc_firmware
korenix jetnet_6910g-m12_hvdc
korenix jetnet_7310g-v2_firmware
korenix jetnet_7310g-v2
korenix jetnet_7628xp-4f-us_firmware
korenix jetnet_7628xp-4f-us
korenix jetnet_7628xp-4f-us_firmware
korenix jetnet_7628xp-4f-us
korenix jetnet_7628xp-4f-eu_firmware
korenix jetnet_7628xp-4f-eu
korenix jetnet_7628xp-4f-eu_firmware
korenix jetnet_7628xp-4f-eu
korenix jetnet_7628x-4f-us_firmware
korenix jetnet_7628x-4f-us
korenix jetnet_7628x-4f-eu_firmware
korenix jetnet_7628x-4f-eu
korenix jetnet_7714g-m12_hvdc_firmware
korenix jetnet_7714g-m12_hvdc

References

Frequently Asked Questions

What is CVE-2023-5347? +
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2023-5347? +
CVE-2023-5347 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2023-5347? +
CVE-2023-5347 affects products from korenix, specifically: jetnet_4508, jetnet_4508-w, jetnet_4508-w_firmware, jetnet_4508_firmware, jetnet_4508f-m, jetnet_4508f-m_firmware, jetnet_4508f-mw, jetnet_4508f-mw_firmware, jetnet_4508f-s, jetnet_4508f-s_firmware, jetnet_4508f-sw, jetnet_4508f-sw_firmware, jetnet_4508i-w, jetnet_4508i-w_firmware, jetnet_4508if-m, jetnet_4508if-m_firmware, jetnet_4508if-mw, jetnet_4508if-mw_firmware, jetnet_4508if-s, jetnet_4508if-s_firmware, jetnet_4508if-sw, jetnet_4508if-sw_firmware, jetnet_5310g, jetnet_5310g_firmware, jetnet_5612g-4f, jetnet_5612g-4f_firmware, jetnet_5612gp-4f, jetnet_5612gp-4f_firmware, jetnet_5620g-4c, jetnet_5620g-4c_firmware, jetnet_5728g-24p-ac-2dc-eu, jetnet_5728g-24p-ac-2dc-eu_firmware, jetnet_5728g-24p-ac-2dc-us, jetnet_5728g-24p-ac-2dc-us_firmware, jetnet_6528gf-2ac-eu, jetnet_6528gf-2ac-eu_firmware, jetnet_6528gf-2ac-us, jetnet_6528gf-2ac-us_firmware, jetnet_6528gf-2dc24, jetnet_6528gf-2dc24_firmware, jetnet_6528gf-2dc48, jetnet_6528gf-2dc48_firmware, jetnet_6528gf-ac-eu, jetnet_6528gf-ac-eu_firmware, jetnet_6528gf-ac-us, jetnet_6528gf-ac-us_firmware, jetnet_6628x-4f-eu, jetnet_6628x-4f-eu_firmware, jetnet_6628xp-4f-us, jetnet_6628xp-4f-us_firmware, jetnet_6728g-24p-ac-2dc-eu, jetnet_6728g-24p-ac-2dc-eu_firmware, jetnet_6728g-24p-ac-2dc-us, jetnet_6728g-24p-ac-2dc-us_firmware, jetnet_6828gf-2ac-au, jetnet_6828gf-2ac-au_firmware, jetnet_6828gf-2ac-eu, jetnet_6828gf-2ac-eu_firmware, jetnet_6828gf-2ac-us, jetnet_6828gf-2ac-us_firmware, jetnet_6828gf-2dc24, jetnet_6828gf-2dc24_firmware, jetnet_6828gf-2dc48, jetnet_6828gf-2dc48_firmware, jetnet_6828gf-ac-dc24-eu, jetnet_6828gf-ac-dc24-eu_firmware, jetnet_6828gf-ac-dc24-us, jetnet_6828gf-ac-dc24-us_firmware, jetnet_6828gf-ac-us, jetnet_6828gf-ac-us_firmware, jetnet_6910g-m12_hvdc, jetnet_6910g-m12_hvdc_firmware, jetnet_7310g-v2, jetnet_7310g-v2_firmware, jetnet_7628x-4f-eu, jetnet_7628x-4f-eu_firmware, jetnet_7628x-4f-us, jetnet_7628x-4f-us_firmware, jetnet_7628xp-4f-eu, jetnet_7628xp-4f-eu_firmware, jetnet_7628xp-4f-us, jetnet_7628xp-4f-us_firmware, jetnet_7714g-m12_hvdc, jetnet_7714g-m12_hvdc_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2023-5347? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2023-5347 — free, no signup required.