CVE-2024-4022

Summary

A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261674 is the identifier assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024.

Affected Software

VendorProductVersion RangeStatus
KeeneticKN-10101.6.49affected
KeeneticKN-10103.5.68affected
KeeneticKN-10103.7.77affected
KeeneticKN-10104.0.2.215affected
KeeneticKN-10104.1.2.14affected
KeeneticKN-10104.1.2.15affected
KeeneticKN-14101.6.49affected
KeeneticKN-14103.5.68affected
KeeneticKN-14103.7.77affected
KeeneticKN-14104.0.2.215affected
KeeneticKN-14104.1.2.14affected
KeeneticKN-14104.1.2.15affected
KeeneticKN-17111.6.49affected
KeeneticKN-17113.5.68affected
KeeneticKN-17113.7.77affected
KeeneticKN-17114.0.2.215affected
KeeneticKN-17114.1.2.14affected
KeeneticKN-17114.1.2.15affected
KeeneticKN-18101.6.49affected
KeeneticKN-18103.5.68affected
KeeneticKN-18103.7.77affected
KeeneticKN-18104.0.2.215affected
KeeneticKN-18104.1.2.14affected
KeeneticKN-18104.1.2.15affected
KeeneticKN-19101.6.49affected
KeeneticKN-19103.5.68affected
KeeneticKN-19103.7.77affected
KeeneticKN-19104.0.2.215affected
KeeneticKN-19104.1.2.14affected
KeeneticKN-19104.1.2.15affected

Weaknesses

  • CWE-200: CWE-200 Information Disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References