Keeneticos
Monthly
Cross-site request forgery in KeeneticOS before version 4.3 allows remote attackers to take over Keenetic routers by forging authenticated requests to the /rci (Remote Configuration Interface) API endpoint, resulting in the creation of unauthorized full-permission admin accounts. The attack requires tricking a currently-authenticated router administrator into visiting a malicious page, giving attackers persistent full-device control without needing credentials of their own. No public exploitation confirmed in CISA KEV, but a public researcher writeup is available on GitHub; EPSS stands at 0.02% (7th percentile), suggesting exploitation remains limited at time of analysis.
Stored cross-site scripting on the KeeneticOS 'Wireless ISP' page enables a physically proximate attacker to compromise a Keenetic router by injecting a malicious payload-likely via a crafted nearby wireless network name (SSID)-that executes in an authenticated administrator's browser session. Successful exploitation allows the attacker to create additional users with full administrative permissions, resulting in complete device takeover. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS probability stands at 0.03%, indicating limited current exploitation activity.
CRLF injection in KeeneticOS before version 4.3 enables full device takeover by exploiting the /auth API endpoint to inject crafted HTTP headers that create additional administrator-level user accounts. The attack requires social engineering the device owner into visiting a malicious page, after which the injected CRLF sequences manipulate the API response to silently add a full-permission user the attacker controls. No public exploit has been identified at time of analysis, though a detailed writeup is publicly available on GitHub, which significantly lowers the barrier to weaponization.
Cross-site request forgery in KeeneticOS before version 4.3 allows remote attackers to take over Keenetic routers by forging authenticated requests to the /rci (Remote Configuration Interface) API endpoint, resulting in the creation of unauthorized full-permission admin accounts. The attack requires tricking a currently-authenticated router administrator into visiting a malicious page, giving attackers persistent full-device control without needing credentials of their own. No public exploitation confirmed in CISA KEV, but a public researcher writeup is available on GitHub; EPSS stands at 0.02% (7th percentile), suggesting exploitation remains limited at time of analysis.
Stored cross-site scripting on the KeeneticOS 'Wireless ISP' page enables a physically proximate attacker to compromise a Keenetic router by injecting a malicious payload-likely via a crafted nearby wireless network name (SSID)-that executes in an authenticated administrator's browser session. Successful exploitation allows the attacker to create additional users with full administrative permissions, resulting in complete device takeover. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS probability stands at 0.03%, indicating limited current exploitation activity.
CRLF injection in KeeneticOS before version 4.3 enables full device takeover by exploiting the /auth API endpoint to inject crafted HTTP headers that create additional administrator-level user accounts. The attack requires social engineering the device owner into visiting a malicious page, after which the injected CRLF sequences manipulate the API response to silently add a full-permission user the attacker controls. No public exploit has been identified at time of analysis, though a detailed writeup is publicly available on GitHub, which significantly lowers the barrier to weaponization.