CVE-2024-32388

5.3 MEDIUM

📋 TL;DR

A firewall misconfiguration in Kerlink devices running KerOS prior to version 5.12 allows attackers to bypass firewall protections by sending specially crafted UDP packets. This enables unauthorized access to UDP-based services that should be protected. Organizations using affected Kerlink devices are vulnerable.

💻 Affected Systems

Products:
  • Kerlink devices running KerOS
Versions: KerOS versions prior to 5.12
Operating Systems: KerOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with the vulnerable KerOS version and firewall configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive UDP services, potentially leading to data exfiltration, service disruption, or lateral movement within the network.

🟠 Likely Case

Unauthorized access to UDP services, potentially exposing management interfaces or other network services that rely on UDP.

🟢 If Mitigated

Limited impact if proper network segmentation and additional firewall rules are in place to restrict access to vulnerable devices.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted UDP packets to vulnerable devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: KerOS 5.12 or later

Vendor Advisory: https://keros.docs.kerlink.com/security/security_advisories_kerOS5

Restart Required: Yes

Instructions:

1. Download KerOS 5.12 or later from Kerlink.
2. Follow Kerlink's firmware update procedures.
3. Reboot the device after the update.

🔧 Temporary Workarounds

Network ACL Restriction

Platform: linux

Implement network access control lists to restrict UDP traffic to vulnerable devices. The ACCEPT rule for trusted networks must precede the catch-all DROP rule, as in the order below.

iptables -A INPUT -p udp -s <trusted_networks> -j ACCEPT
iptables -A INPUT -p udp -j DROP

External Firewall Rules

Platform: all

Configure external firewalls to block unnecessary UDP traffic to affected devices.

🧯 If You Can't Patch

  • Isolate vulnerable devices in a separate network segment with strict access controls.
  • Implement network monitoring and intrusion detection for suspicious UDP traffic patterns.

🔍 How to Verify

Check if Vulnerable:

Check the KerOS version via the device management interface or CLI. If the version is below 5.12, the device is vulnerable.

Check Version:

keros --version

Verify Fix Applied:

Verify KerOS version is 5.12 or higher after applying the update.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected UDP connection attempts in firewall logs
  • Unusual UDP service access logs

Network Indicators:

  • Suspicious UDP packets to Kerlink devices
  • Unexpected UDP traffic patterns

SIEM Query:

source_ip=* AND dest_ip=<kerlink_device> AND protocol=UDP AND (port NOT IN [expected_ports])
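As an added example (not part of this advisory), the SIEM query's logic applied to constructed netfilter LOG lines; the device address, the expected port set and the log lines themselves are assumptions:

```python
# Added example, not from the advisory: flag UDP traffic to a Kerlink gateway
# on destination ports outside an expected allow-list, mirroring the SIEM query
# "dest_ip=<kerlink_device> AND protocol=UDP AND port NOT IN [expected_ports]".
import re
from typing import Dict, List

KERLINK_DEVICE = "10.10.20.5"            # assumed gateway address (placeholder)
EXPECTED_UDP_PORTS = {1700, 123, 53}     # assumed expected UDP ports (placeholder set)

# Constructed sample lines in the netfilter LOG target's KEY=VALUE format.
SAMPLE_LOGS = [
    "kernel: IN=eth0 OUT= SRC=10.10.10.4 DST=10.10.20.5 PROTO=UDP SPT=41000 DPT=1700 LEN=60",
    "kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=10.10.20.5 PROTO=UDP SPT=5555 DPT=161 LEN=80",
    "kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=10.10.20.5 PROTO=TCP SPT=5555 DPT=22 LEN=60",
    "kernel: IN=eth0 OUT= SRC=10.10.10.4 DST=10.10.20.9 PROTO=UDP SPT=41000 DPT=9999 LEN=60",
]

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_netfilter_line(line: str) -> Dict[str, str]:
    """Parse KEY=VALUE tokens from a netfilter LOG line into a dict."""
    return dict(FIELD_RE.findall(line))


def find_unexpected_udp(lines: List[str], device: str = KERLINK_DEVICE,
                        expected_ports=EXPECTED_UDP_PORTS) -> List[Dict[str, str]]:
    """Return records where DST is the device, PROTO is UDP and DPT is not expected."""
    hits = []
    for line in lines:
        rec = parse_netfilter_line(line)
        if rec.get("DST") != device or rec.get("PROTO") != "UDP":
            continue
        try:
            dport = int(rec.get("DPT", ""))
        except ValueError:
            continue  # missing or malformed port: skip the record rather than crash
        if dport not in expected_ports:
            hits.append({"src": rec.get("SRC", "?"), "dst": device, "dport": str(dport)})
    return hits


if __name__ == "__main__":
    for h in find_unexpected_udp(SAMPLE_LOGS):
        print(f"unexpected UDP {h['src']} -> {h['dst']}:{h['dport']}")
```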

🔗 References
