📦 Keros

CVE-2024-39148 allows unauthenticated remote attackers to execute arbitrary operating system commands as root on KerOS systems by exploiting improper validation of 'magic URLs' in the wmp-agent servic...

Kerlink gateways running KerOS versions before 5.10 expose their web interface over unencrypted HTTP only, without HTTPS support. This allows man-in-the-middle attackers to intercept, read, and modify...

A firewall misconfiguration in Kerlink devices running KerOS prior to version 5.12 allows attackers to bypass firewall protections by sending specially crafted UDP packets. This enables unauthorized a...