VYPR

KeeneticOS

by Keenetic

CVEs (5)

  • CVE-2025-56007MedOct 23, 2025
    risk 0.42cvss 6.5epss 0.00

    CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.

  • CVE-2025-56008MedOct 23, 2025
    risk 0.40cvss 6.1epss 0.00

    Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions.

  • CVE-2025-56009MedOct 23, 2025
    risk 0.34cvss 5.3epss 0.00

    Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.

  • CVE-2024-4022MedApr 21, 2024
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to…

  • CVE-2024-4021MedApr 21, 2024
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The…