Skip to main content

Keeneticos

3 CVEs product

Monthly

CVE-2025-56009 MEDIUM This Month

Cross-site request forgery in KeeneticOS before version 4.3 allows remote attackers to take over Keenetic routers by forging authenticated requests to the /rci (Remote Configuration Interface) API endpoint, resulting in the creation of unauthorized full-permission admin accounts. The attack requires tricking a currently-authenticated router administrator into visiting a malicious page, giving attackers persistent full-device control without needing credentials of their own. No public exploitation confirmed in CISA KEV, but a public researcher writeup is available on GitHub; EPSS stands at 0.02% (7th percentile), suggesting exploitation remains limited at time of analysis.

CSRF Keeneticos
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-56008 MEDIUM This Month

Stored cross-site scripting on the KeeneticOS 'Wireless ISP' page enables a physically proximate attacker to compromise a Keenetic router by injecting a malicious payload-likely via a crafted nearby wireless network name (SSID)-that executes in an authenticated administrator's browser session. Successful exploitation allows the attacker to create additional users with full administrative permissions, resulting in complete device takeover. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS probability stands at 0.03%, indicating limited current exploitation activity.

XSS Keeneticos
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-56007 MEDIUM This Month

CRLF injection in KeeneticOS before version 4.3 enables full device takeover by exploiting the /auth API endpoint to inject crafted HTTP headers that create additional administrator-level user accounts. The attack requires social engineering the device owner into visiting a malicious page, after which the injected CRLF sequences manipulate the API response to silently add a full-permission user the attacker controls. No public exploit has been identified at time of analysis, though a detailed writeup is publicly available on GitHub, which significantly lowers the barrier to weaponization.

Code Injection Keeneticos
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Cross-site request forgery in KeeneticOS before version 4.3 allows remote attackers to take over Keenetic routers by forging authenticated requests to the /rci (Remote Configuration Interface) API endpoint, resulting in the creation of unauthorized full-permission admin accounts. The attack requires tricking a currently-authenticated router administrator into visiting a malicious page, giving attackers persistent full-device control without needing credentials of their own. No public exploitation confirmed in CISA KEV, but a public researcher writeup is available on GitHub; EPSS stands at 0.02% (7th percentile), suggesting exploitation remains limited at time of analysis.

CSRF Keeneticos
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Stored cross-site scripting on the KeeneticOS 'Wireless ISP' page enables a physically proximate attacker to compromise a Keenetic router by injecting a malicious payload-likely via a crafted nearby wireless network name (SSID)-that executes in an authenticated administrator's browser session. Successful exploitation allows the attacker to create additional users with full administrative permissions, resulting in complete device takeover. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS probability stands at 0.03%, indicating limited current exploitation activity.

XSS Keeneticos
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

CRLF injection in KeeneticOS before version 4.3 enables full device takeover by exploiting the /auth API endpoint to inject crafted HTTP headers that create additional administrator-level user accounts. The attack requires social engineering the device owner into visiting a malicious page, after which the injected CRLF sequences manipulate the API response to silently add a full-permission user the attacker controls. No public exploit has been identified at time of analysis, though a detailed writeup is publicly available on GitHub, which significantly lowers the barrier to weaponization.

Code Injection Keeneticos
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy