VYPR
Unrated severity · NVD Advisory · Published Jan 9, 2024 · Updated Oct 8, 2025

TFTP Without Authentication

CVE-2023-5376

Description

An unauthenticated TFTP service in Korenix JetNet devices allows arbitrary file upload, leading to firmware replacement and remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Korenix JetNet series industrial switches expose a TFTP (Trivial File Transfer Protocol) service that lacks any authentication mechanism. An attacker can connect to this service and upload files without providing credentials. This issue affects all JetNet devices running firmware versions prior to 2024/01, including models such as JetNet 4508, 4508f, 5620G-4C, 5612GP-4F, 5612G-4F, 5728G, 6528Gf, 6628XP-4F, 6628X-4F, 6728G, 6828Gf, 6910G-M12, 7310G-V2, 7628XP-4F, 7628X-4F, and 7714G-M12 [2].

Exploitation

The attacker only needs network access to the TFTP service running on the target device. No authentication or prior access is required. Using a standard TFTP client, the attacker can upload a malicious firmware image to the device. The exact sequence involves connecting to the TFTP endpoint and issuing a `put` (a TFTP write request) with the crafted firmware file. The service does not verify the identity of the uploader, allowing the attacker to overwrite the device's firmware [2].

Impact

Successful exploitation enables an attacker to replace the legitimate firmware with a malicious version. This grants the attacker the ability to execute arbitrary code on the device with full system privileges (remote code execution). As a result, the attacker can fully compromise the device, potentially using it as a foothold in the industrial network, disrupting operations, or exfiltrating sensitive data [2].

Mitigation

Korenix has released firmware version 2024/01 to address this issue. Users should update their JetNet devices to this version or later, as specified in the vendor advisory [1][2]. No workaround is mentioned in the available references; updating the firmware is the recommended course of action. Devices that are no longer supported should be replaced or isolated from untrusted networks.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"The TFTP service on Korenix JetNet devices does not require authentication, allowing any network-accessible user to upload and download files."

Attack vector

An attacker on the same network can connect to the TFTP service on the target JetNet device without any credentials. Using a standard TFTP client, the attacker can upload arbitrary files (e.g., a malicious firmware image) to the "/home" folder on the device. The advisory demonstrates this by running `tftp $IP` and then `put exploit.bin /home/firmware.bin` [ref_id=1]. This lack of authentication [CWE-287] allows an unauthenticated attacker to upload files, which can then be leveraged in conjunction with the separate unauthenticated firmware upgrade vulnerability (CVE-2023-5347) to achieve remote code execution.

Affected code

The TFTP service on Korenix JetNet devices (tested on JetNet 5310G / v2.6) is accessible without any authentication. The advisory states that "the available tftp service is accessible without user authentication" and allows file operations restricted to the "/home" folder [ref_id=1].

What the fix does

The advisory does not provide a patch diff or specific remediation code. It states that the issue affects "JetNet devices older than firmware version 2024/01," implying that the vendor has addressed the vulnerability in firmware version 2024/01 or later [ref_id=1]. Users should update to the latest firmware to restrict TFTP access to authenticated users only.

Preconditions

  • network: Attacker must have network access to the TFTP service on the target JetNet device
  • auth: No authentication credentials required

Reproduction

1. Ensure network connectivity to the target JetNet device's TFTP service.
2. Run `tftp $IP` to connect.
3. Execute `put exploit.bin /home/firmware.bin` to upload a file to the restricted "/home" folder [ref_id=1].
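As an added defensive example (not part of the VYPR record or the Korenix advisory), the following Python parses TFTP read/write request packets from UDP payloads and flags any write request against the "/home" folder named in the attack vector and reproduction sections above. Addresses, the `build_request` helper and the sample packets are constructed for the demo; a monitoring deployment would feed it UDP/69 payloads from a capture instead.

```python
import struct
from typing import Optional

# TFTP opcodes (RFC 1350): 1 = RRQ, 2 = WRQ, 3 = DATA, 4 = ACK, 5 = ERROR
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}

# Device paths whose unauthenticated overwrite is the concern (from the advisory)
SENSITIVE_PREFIXES = ("/home/",)


def parse_tftp_request(payload: bytes) -> Optional[dict]:
    """Parse an RRQ/WRQ payload: opcode(2) | filename NUL | mode NUL [| opt NUL val NUL]*.
    Returns None for non-request opcodes or malformed packets."""
    if len(payload) < 4:
        return None
    opcode = struct.unpack("!H", payload[:2])[0]
    if opcode not in (1, 2):
        return None
    fields = payload[2:].split(b"\x00")
    # A well-formed request ends with NUL, so the last element is empty;
    # require at least filename + mode before it.
    if len(fields) < 3 or fields[-1] != b"":
        return None
    fields = fields[:-1]
    filename = fields[0].decode("latin-1")
    mode = fields[1].decode("latin-1").lower()
    # RFC 2347 option extension: alternating name/value pairs, possibly none
    options = {k.decode("latin-1"): v.decode("latin-1")
               for k, v in zip(fields[2::2], fields[3::2])}
    return {"op": OPCODES[opcode], "filename": filename, "mode": mode, "options": options}


def flag_writes(packets, sensitive_prefixes=SENSITIVE_PREFIXES) -> list:
    """Return one alert per WRQ whose target path lies under a sensitive prefix."""
    alerts = []
    for src, dst, payload in packets:
        req = parse_tftp_request(payload)
        if req and req["op"] == "WRQ" and req["filename"].startswith(sensitive_prefixes):
            alerts.append(f"{src} -> {dst}: unauthenticated TFTP write to "
                          f"{req['filename']} (mode={req['mode']})")
    return alerts


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """Build an RRQ/WRQ payload (constructed sample traffic for the demo)."""
    return struct.pack("!H", opcode) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


SAMPLE_PACKETS = [  # constructed (src, dst, udp payload) tuples, not captured data
    ("10.0.0.5", "10.0.0.20:69", build_request(1, "/home/config.txt")),   # read: benign
    ("10.0.0.9", "10.0.0.20:69", build_request(2, "/home/firmware.bin")), # write: alert
    ("10.0.0.9", "10.0.0.20:69", struct.pack("!HH", 3, 1) + b"\x00" * 512), # DATA block 1
]

if __name__ == "__main__":
    for line in flag_writes(SAMPLE_PACKETS):
        print(line)
```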

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 4

News mentions: 0 (no linked articles in our index yet)