The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HKerlink Keros
OSKerlink5.0 – 5.12 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Firewall
CWE
Powiązane podatności
CVE-2024-32384MEDIUM6.8ten sam produkt
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without...
CVE-2024-32388MEDIUM5.3ten sam produkt
Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially c...