24 matches found
CVE-2024-32385
CVE-2024-32385 affects Kerlink Wirnet iStation 868 running KerOS v.4.3.3_20200803132042. The issue allows a remote attacker to obtain sensitive information via boardID and revisionID components, implying information disclosure. CVSSv3.1 base score 4.3 (MEDIUM), attack vector: adjacent, no privile...
CVE-2024-32386
CVE-2024-32386 affects Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042, with a directory traversal vulnerability that allows an adjacent attacker to obtain sensitive information through the SNMP update mechanism. The CVSSv3.1 base score is 7.3 (HIGH) with attack vector ADJACENT, low atta...
CVE-2024-32387
Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 is affected by CVE-2024-32387. The issue allows a remote attacker to obtain sensitive information through the community string component. No additional technical details, root cause, affected subcomponents, or remediation steps are provided...
CVE-2024-32389
Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 exposes a Buffer Overflow in the update URLs component, allowing a remote attacker to obtain sensitive information. This CVE (CVE-2024-32389) has a CVSS v3.1 base score of 3.5 (LOW) with an adjacent attack vector, low confidentiality impact...
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
EUVD-2024-55105
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
CVE-2024-32388
Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected...
CVE-2024-32388
Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected...
CVE-2024-32384
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...
CVE-2024-32384
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
Kerlink KerOS 安全漏洞
Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.12 that stems from the wmp-agent service not properly validating magic URLs, which could allow an unauthenticated remote attacker to execute arbitrary OS...
CVE-2024-32388
Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected...
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
CVE-2024-32388
CVE-2024-32388 affects Kerlink KerOS prior to 5.12. The root cause is a firewall misconfiguration that causes devices to incorrectly accept specially crafted UDP packets, enabling an attacker to bypass the firewall and access UDP-based services that would otherwise be protected. The connected doc...
Kerlink KerOS 安全漏洞
Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.10, which stems from exposing the web interface over HTTP only and does not support HTTPS, which could lead to a man-in-the-middle attack...
Kerlink KerOS 安全漏洞
Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.12 that stems from a firewall misconfiguration and could allow an attacker to bypass the firewall and access protected UDP services...
CVE-2024-32384
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...