CRLF injection in KeeneticOS before version 4.3 enables full device takeover by exploiting the /auth API endpoint to inject crafted HTTP headers that create additional administrator-level user accounts. The attack requires social engineering the device owner into visiting a malicious page, after which the injected CRLF sequences manipulate the API response to silently add a full-permission user the attacker controls. No public exploit has been identified at time of analysis, though a detailed writeup is publicly available on GitHub, which significantly lowers the barrier to weaponization.
Reflected cross-site scripting in Mingsoft MCMS v6.0.1 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by delivering a crafted URL containing a malicious payload. The CVSS scope change (S:C) indicates impact extends beyond the web application itself into the victim's browser trust context, enabling session hijacking or credential theft. No public exploit identified at time of analysis beyond the referenced GitHub gist, and EPSS of 0.22% (13th percentile) signals very low current exploitation interest.
Stored cross-site scripting on the KeeneticOS 'Wireless ISP' page enables a physically proximate attacker to compromise a Keenetic router by injecting a malicious payload-likely via a crafted nearby wireless network name (SSID)-that executes in an authenticated administrator's browser session. Successful exploitation allows the attacker to create additional users with full administrative permissions, resulting in complete device takeover. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS probability stands at 0.03%, indicating limited current exploitation activity.
Reflected XSS in AcBakImzala, ArkSigner's document signing application, affects all versions before v5.1.4 and allows unauthenticated remote attackers to inject and execute malicious scripts in a victim's browser. The attack requires the victim to interact with a crafted URL, limiting automated exploitation, but the low attack complexity and absence of authentication requirements make social-engineering-based delivery straightforward. No public exploit code or CISA KEV listing has been identified; EPSS is very low at 0.03% (9th percentile), consistent with limited observed exploitation interest at this time.
Cross-site request forgery in KeeneticOS before version 4.3 allows remote attackers to take over Keenetic routers by forging authenticated requests to the /rci (Remote Configuration Interface) API endpoint, resulting in the creation of unauthorized full-permission admin accounts. The attack requires tricking a currently-authenticated router administrator into visiting a malicious page, giving attackers persistent full-device control without needing credentials of their own. No public exploitation confirmed in CISA KEV, but a public researcher writeup is available on GitHub; EPSS stands at 0.02% (7th percentile), suggesting exploitation remains limited at time of analysis.