CVE-2024-4022
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261674 is the identifier assigned to this vulnerability. NOTE: The vendor is aware of this issue and plans to fix it by the end of 2024.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Keenetic | KN-1010 | 1.6.49 | affected |
| Keenetic | KN-1010 | 3.5.68 | affected |
| Keenetic | KN-1010 | 3.7.77 | affected |
| Keenetic | KN-1010 | 4.0.2.215 | affected |
| Keenetic | KN-1010 | 4.1.2.14 | affected |
| Keenetic | KN-1010 | 4.1.2.15 | affected |
| Keenetic | KN-1410 | 1.6.49 | affected |
| Keenetic | KN-1410 | 3.5.68 | affected |
| Keenetic | KN-1410 | 3.7.77 | affected |
| Keenetic | KN-1410 | 4.0.2.215 | affected |
| Keenetic | KN-1410 | 4.1.2.14 | affected |
| Keenetic | KN-1410 | 4.1.2.15 | affected |
| Keenetic | KN-1711 | 1.6.49 | affected |
| Keenetic | KN-1711 | 3.5.68 | affected |
| Keenetic | KN-1711 | 3.7.77 | affected |
| Keenetic | KN-1711 | 4.0.2.215 | affected |
| Keenetic | KN-1711 | 4.1.2.14 | affected |
| Keenetic | KN-1711 | 4.1.2.15 | affected |
| Keenetic | KN-1810 | 1.6.49 | affected |
| Keenetic | KN-1810 | 3.5.68 | affected |
| Keenetic | KN-1810 | 3.7.77 | affected |
| Keenetic | KN-1810 | 4.0.2.215 | affected |
| Keenetic | KN-1810 | 4.1.2.14 | affected |
| Keenetic | KN-1810 | 4.1.2.15 | affected |
| Keenetic | KN-1910 | 1.6.49 | affected |
| Keenetic | KN-1910 | 3.5.68 | affected |
| Keenetic | KN-1910 | 3.7.77 | affected |
| Keenetic | KN-1910 | 4.0.2.215 | affected |
| Keenetic | KN-1910 | 4.1.2.14 | affected |
| Keenetic | KN-1910 | 4.1.2.15 | affected |
Weaknesses
- CWE-200: CWE-200 Information Disclosure
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://vuldb.com/?id.261674
- https://vuldb.com/?ctiid.261674
- https://vuldb.com/?submit.316276
- https://netsecfish.notion.site/Information-Disclosure-in-Keenetic-Router-d4a12a499cef4acf80e191bdaf20c151?pvs=4
References
- https://vuldb.com/?id.261674
- https://vuldb.com/?ctiid.261674
- https://vuldb.com/?submit.316276
- https://netsecfish.notion.site/Information-Disclosure-in-Keenetic-Router-d4a12a499cef4acf80e191bdaf20c151?pvs=4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.