VYPR
Unrated severity · NVD Advisory · Published Jan 9, 2024 · Updated Oct 8, 2025

Unauthenticated Firmware Upgrade

CVE-2023-5347

Description

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Korenix JetNet devices fail to verify cryptographic signatures during firmware updates, allowing attackers to replace the entire OS.

Vulnerability

An improper verification of cryptographic signature vulnerability exists in the firmware update process of Korenix JetNet Series devices. The update mechanism does not validate the digital signature of firmware images, enabling an attacker to inject a malicious update. Affected models include JetNet 4508, 4508f, 5620G-4C, 5612GP-4F, 5612G-4F, 5728G, 6528Gf, 6628XP-4F, 6628X-4F, 6728G, 6828Gf, 6910G-M12, 7310G-V2, 7628XP-4F, 7628X-4F, and 7714G-M12, among others [2]. All devices running firmware versions older than 2024/01 are vulnerable.

Exploitation

An attacker with network access to the device can exploit this vulnerability without authentication [2]. The attacker crafts a malicious firmware image and delivers it via the device's update functionality (e.g., TFTP or web interface). Because signature verification is missing, the device accepts and installs the image, replacing the entire operating system.

Impact

Successful exploitation allows the attacker to replace the entire operating system, including trusted executables. This leads to full compromise of the device, persistent access, and potential disruption of industrial network operations.

Mitigation

The vendor (Korenix/Beijer Electronics) has released firmware version 2024/01 that addresses the vulnerability [3]. Users should update to this version or later. No workaround is available. Devices that have reached end-of-life may not receive updates.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
