Aggregates CVE and security vulnerability intelligence across all keenetic-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk csrf and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-56009 | Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit. | [email protected] | 5.3 | 0.01% | 2025-10-23 | 2026-05-20 |
| CVE-2025-56008 | Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions. | [email protected] | 6.1 | 0.03% | 2025-10-23 | 2026-05-20 |
| CVE-2025-56007 | CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit. | [email protected] | 6.5 | 0.03% | 2025-10-23 | 2026-05-20 |