HIGH🇬🇧 English

CVE-2024-39148

CVSS 8.1v3.1pub. 2025-12-01upd. 2025-12-23

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Kerlink Keros

    OS
    Kerlink
    5.0 – 5.12 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Firewall
CWE
Referencje

Powiązane podatności

CVE-2024-32384MEDIUM6.8ten sam produkt

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without...

CVE-2024-32388MEDIUM5.3ten sam produkt

Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially c...

CVE-2024-39148 — HIGH 8.1 | CVEbaza.pl