26 matches found
writeups
Hi there! This is a repo containing some of my security writeup...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
CVE-2025-56008
Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
EUVD-2025-35691
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
EUVD-2025-35693
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
EUVD-2025-35692
Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
CVE-2025-56008
Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...
CVE-2025-56008
Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
KeeneticOS 安全漏洞
KeeneticOS is an operating system from the German company Keenetic. A security vulnerability exists in KeeneticOS versions prior to 4.3, which stems from a cross-site request forgery in the /rci API endpoint that could lead to an attacker taking over the device by adding an additional user with...
CVE-2025-56008
Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...
CVE-2025-56009
CVE-2025-56009 affects KeeneticOS prior to 4.3. A CSRF flaw at the /rci API endpoint lets an attacker cause a victim to add a new user with full permissions, effectively allowing device takeover. The CVE description and Red Hat/CNNVD/CVE records confirm the vulnerability path is the /rci API, wit...
KeeneticOS 安全漏洞
KeeneticOS is an operating system from the German company Keenetic. A security vulnerability exists in KeeneticOS versions prior to 4.3, which stems from the presence of CRLF injection in the /auth API endpoint, which could lead to an attacker taking over the device by adding additional users wit...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
CVE-2025-56007
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...
CVE-2025-56008
CVE-2025-56008 affects KeeneticOS prior to 4.3. The vulnerability is a Cross-Site Scripting (XSS) on the Wireless ISP page that could let attackers in proximity to the router add users with full permissions and take over the device. The CVSS/metrics indicate network access, very low privileges re...
CVE-2025-56009
Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...