CNNVD-202510-3236 Information

CNNVD ID

CNNVD-202510-3236

Related CVE

CVE-2025-56009

• CNNVD Published: 2025-10-23

Description (Chinese)

KeeneticOS是德国Keenetic公司的一款操作系统。 KeeneticOS 4.3之前版本存在安全漏洞，该漏洞源于/rci API端点存在跨站请求伪造，可能导致攻击者通过添加具有完全权限的额外用户来接管设备。

Description (English)

KeneticOS is an operating system of Kenetic Germany. There was a security loophole in the previous version of KeeneticOS 4.3, which stemmed from the existence of cross-site requests for forgery at the /rci API endpoint, which could lead the attackers to take over the equipment by adding additional users with full permission.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Keenetic

Published

2025-10-23

Last Modified

2026-02-24

References

https://keenetic.com/ https://keenetic.com/global/security#october-2025-web-api-vulnerabilities https://access.redhat.com/security/cve/cve-2025-56009

Patch

https://keenetic.com/global/security#october-2025-web-api-vulnerabilities