CVE-2024-4021

Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure

CVSS 5.3 MEDIUMEPSS 0.6%CWE-200

A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261673 was assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

Keenetic · KN-1010 Keenetic · KN-1410 Keenetic · KN-1711 Keenetic · KN-1810 Keenetic · KN-1910

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://netsecfish.notion.site/Information-Disclosure-in-Keenetic-Router-d4a12a499cef4acf80e191bdaf20c151?pvs=4 https://vuldb.com/?ctiid.261673 https://vuldb.com/?id.261673