Filtered by vendor Kerlink
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32384 | 1 Kerlink | 1 Keros | 2025-12-23 | N/A | 6.8 MEDIUM |
| Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device. | |||||
| CVE-2024-32388 | 1 Kerlink | 1 Keros | 2025-12-23 | N/A | 5.3 MEDIUM |
| Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected. | |||||
| CVE-2024-39148 | 1 Kerlink | 1 Keros | 2025-12-23 | N/A | 8.1 HIGH |
| The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall. | |||||