CNNVD-202512-089 Information

CNNVD ID

CNNVD-202512-089

Related CVE

CVE-2024-39148

• CNNVD Published: 2025-12-01

Description (Chinese)

Kerlink KerOS是法国Kerlink公司的一个操作系统。 Kerlink KerOS 5.12之前版本存在安全漏洞，该漏洞源于wmp-agent服务未正确验证magic URLs，可能导致未经验证的远程攻击者以root权限执行任意OS命令。

Description (English)

Kerlink KerOS is an operating system of the French company Kerlink. There was a security loophole in the previous version of Kerlink KerOS 5.12, which stemmed from the failure of the wmp-agent service to correctly validate the magic URLs, which could result in unauthorized remote assailants executing arbitrary OS orders with root privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Kerlink

Published

2025-12-01

Last Modified

2026-02-24

References

https://keros.docs.kerlink.com/security/security_advisories_kerOS5 https://www.bdosecurity.de/en-gb/advisories/cve-2024-39148 https://access.redhat.com/security/cve/cve-2024-39148

Patch

https://keros.docs.kerlink.com/en/releases