Kerlink Keros vulnerabilities
3 known vulnerabilities affecting kerlink/keros.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-39148P2HIGHCVSS 8.1≥ 5.0, < 5.122025-12-01
CVE-2024-39148 [HIGH] CWE-94 CVE-2024-39148: The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.
nvd
CVE-2024-32384P3HIGHCVSS 7.4≥ 5.0, < 5.102025-12-01
CVE-2024-32384 [HIGH] CWE-319 CVE-2024-32384: Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTT
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device.
nvd
CVE-2024-32388P3MEDIUMCVSS 5.3≥ 5.0, < 5.122025-12-01
CVE-2024-32388 [MEDIUM] CWE-402 CVE-2024-32388: Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept s
Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.
nvd