CNNVD-202510-3240 Information

CNNVD ID

CNNVD-202510-3240

CVE-2025-56007

  • CNNVD Published: 2025-10-23

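Description (translated from Chinese)

KeeneticOS is an operating system from Keenetic, a German company. Versions of KeeneticOS before 4.3 contain a security vulnerability caused by CRLF injection in the /auth API endpoint, which may allow an attacker to take over the device by adding an additional user with full permissions.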

Description (English)

KeeneticOS is an operating system from the German company Keenetic. Versions of KeeneticOS before 4.3 contain a security vulnerability that results from CRLF injection at the /auth API endpoint, which could allow attackers to take over the device by adding additional users with full permissions.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Keenetic

Published

2025-10-23

Last Modified

2026-02-24

References

https://keenetic.com/
https://keenetic.com/global/security#october-2025-web-api-vulnerabilities
https://access.redhat.com/security/cve/cve-2025-56007

Patch

https://keenetic.com/global/security#october-2025-web-api-vulnerabilities
