CVE-2024-39148

High CVSS: 8.1

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

Vendor

Kerlink

Product

Keros

CWE

CWE-94

Yayın Tarihi

2025-12-01 16:15:49

Güncelleme

2025-12-23 13:55:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Keros HIGH Kerlink 2025

Referanslar

https://keros.docs.kerlink.com/security/security_advisories_kerOS5 https://www.bdosecurity.de/en-gb/advisories/cve-2024-39148