{"api_version":"1","generated_at":"2026-05-14T02:28:23+00:00","cve":"CVE-2017-14021","urls":{"html":"https://cve.report/CVE-2017-14021","api":"https://cve.report/api/cve/CVE-2017-14021.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-14021","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-14021"},"summary":{"title":"CVE-2017-14021","description":"A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.","state":"PUBLISHED","assigner":"icscert","published_at":"2017-11-01 02:29:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-321","CWE-798","CWE-321 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Korenix JetNet | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/101598","name":"http://www.securityfocus.com/bid/101598","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Korenix JetNet Hardcoded Cryptographic Key and Hardcoded Credentials Security Bypass Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-14021","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14021","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"Korenix JetNet","version":"affected Korenix JetNet","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"korenix","cpe5":"jetnet5018g_firmware","cpe6":"1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"korenix","cpe5":"jetnet5310g_firmware","cpe6":"1.4a","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"korenix","cpe5":"jetnet5428g-2g-2fx_firmware","cpe6":"1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet5628g-r_firmware","cpe6":"1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"korenix","cpe5":"jetnet5628g_firmware","cpe6":"1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet5728g-24p_firmware","cpe6":"1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet5828g_firmware","cpe6":"1.1d","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"korenix","cpe5":"jetnet6710g-hvdc_firmware","cpe6":"11e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"korenix","cpe5":"jetnet6710g_firmware","cpe6":"1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_5018g","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_5310g","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_5428g-2g-2fx","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_5628g","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_5628g-r","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_5728g-24p","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_5828g","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_6710g","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"14021","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"korenix","cpe5":"jetnet_6710g-hvdc","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T19:13:41.597Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"},{"name":"101598","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/101598"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Korenix JetNet","vendor":"n/a","versions":[{"status":"affected","version":"Korenix JetNet"}]}],"datePublic":"2017-10-31T00:00:00.000Z","descriptions":[{"lang":"en","value":"A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-321","description":"USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2017-11-01T09:57:01.000Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"tags":["x_refsource_MISC"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"},{"name":"101598","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/101598"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2017-14021","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Korenix JetNet","version":{"version_data":[{"version_value":"Korenix JetNet"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"},{"name":"101598","refsource":"BID","url":"http://www.securityfocus.com/bid/101598"}]}}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2017-14021","datePublished":"2017-11-01T02:00:00.000Z","dateReserved":"2017-08-30T00:00:00.000Z","dateUpdated":"2024-08-05T19:13:41.597Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-11-01 02:29:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-321","CWE-798","CWE-321 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:korenix:jetnet5018g_firmware:1.4:*:*:*:*:*:*:*","matchCriteriaId":"26AF5B4D-4368-4477-9185-0EAE1901F3AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*","matchCriteriaId":"C3CB2958-84F6-4461-9AD3-F40FCD457C93"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:korenix:jetnet5310g_firmware:1.4a:*:*:*:*:*:*:*","matchCriteriaId":"48D4746F-B4CC-45E8-95DC-FE20408EA92F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*","matchCriteriaId":"81A3D8A9-E142-498A-B4E8-B4B197E62F55"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:korenix:jetnet5428g-2g-2fx_firmware:1.4:*:*:*:*:*:*:*","matchCriteriaId":"9C71939E-E045-43B9-B546-FC8E649C54E9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*","matchCriteriaId":"6497F848-1268-48E2-8DC3-840F9D44049E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:korenix:jetnet5628g_firmware:1.4:*:*:*:*:*:*:*","matchCriteriaId":"2B64D2DE-4448-4212-8072-115DDDEC557E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*","matchCriteriaId":"FD60DF22-585E-49DF-9D90-119A5C5DD8CA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:korenix:jetnet5628g-r_firmware:1.4:*:*:*:*:*:*:*","matchCriteriaId":"5DF101FB-1FE3-425E-B70B-83D258B40B1C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*","matchCriteriaId":"B88DB5A5-4F43-4AE1-B3F6-8E1810276423"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:korenix:jetnet5728g-24p_firmware:1.4:*:*:*:*:*:*:*","matchCriteriaId":"BF0C41AD-A7AA-40BE-9CA1-01155DFC9983"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*","matchCriteriaId":"81174238-9B97-46F3-9FAD-AE594480CB29"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:korenix:jetnet5828g_firmware:1.1d:*:*:*:*:*:*:*","matchCriteriaId":"3266110D-5FF3-4322-870A-96AF8BC5C88C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*","matchCriteriaId":"10C4DA7B-4E69-4831-B380-A65BE8EE8B10"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:korenix:jetnet6710g_firmware:1.1:*:*:*:*:*:*:*","matchCriteriaId":"4CDDB42E-5D8B-413B-A476-ACD6FC84E59B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B2A2F8-FC5A-4FF8-8E08-F7FF198963FA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:korenix:jetnet6710g-hvdc_firmware:11e:*:*:*:*:*:*:*","matchCriteriaId":"4467DE80-26D4-4D02-81C4-C1CD33F76FBE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*","matchCriteriaId":"DD53579F-A44B-48C6-98EF-4C3D597C9E17"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"14021","Ordinal":"1","Title":"CVE-2017-14021","CVE":"CVE-2017-14021","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"14021","Ordinal":"1","NoteData":"A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.","Type":"Description","Title":"CVE-2017-14021"},{"CveYear":"2017","CveId":"14021","Ordinal":"2","NoteData":"2017-10-31","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"14021","Ordinal":"3","NoteData":"2017-11-01","Type":"Other","Title":"Modified"}]}}}