This page aggregates publicly disclosed CVE and security risk information related to Kerlink, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-39148 | The service wmp-agent of KerOS prior to 5.12 does not properly validate so-called ‘magic URLs’, allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over the network. Typically, the service is protected via local firewall. | [email protected] | 8.1 | 0.44% | 2025-12-01 | 2025-12-23 |
| CVE-2024-32388 | Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected. | [email protected] | 5.3 | 1.40% | 2025-12-01 | 2025-12-23 |
| CVE-2024-32384 | Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device. | [email protected] | 6.8 | 0.14% | 2025-12-01 | 2025-12-23 |