Path Traversal and Improper Update Package Validation in SNMP Update Mechanism Allows Arbitrary File Overwrite in KerOS 4.3.3 and Below
Path Traversal and Improper Update Package Validation in SNMP Update Mechanism Allows Arbitrary File Overwrite in KerOS 4.3.3 and Below
Path Traversal and Improper Update Package Validation in SNMP Update Mechanism Allows Arbitrary File Overwrite in KerOS 4.3.3 and Below
| CVE ID | CVE-2024-32386 |
| CVE Link | https://nvd.nist.gov/vuln/detail/CVE-2024-32386 |
| Vendor | Kerlink |
| Affected Product & Version | KerOS ≤ 4.3.3 |
| Vulnerability Type | CWE-22 Path Traversal |
| CVSS Base Score / CVSS Vector | NVD: Awaiting analysis BDO: 7.3 High / CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| Author | Martin Weißbach |
| Date | 2026-05-27 |
CVE Details
Description:
The SNMP implementation in KerOS 4.3.3 and below allows an attacker to supply a URL pointing to a firmware update package. Due to a path traversal vulnerability combined with insufficient validation of update packages, arbitrary files on the device file system may be overwritten. Successful exploitation can result in full compromise of the device, including unauthorized privileged access.
Remediation:
KerOS4 and KerOS5 should no longer be used, as they are considered end of life. Instead, the most recent version of KerOS 6 should be used.
References:
Timeline
2024-03-19: Vulnerability reported to Kerlink
2024-03-23: Kerlink informed us that the issues were under analysis
2024-03-29: Vendor confirmed the vulnerabilities and provided an update on the current status of the analysis, including potential fixes
2024-04-08: We provided feedback on the fixes
2024-04-28: Vendor provided an update on the status of the fixes
2024-06-11: We reported additional vulnerabilities; ongoing communication regarding these issues
2025-08-05: We informed Kerlink of our intention to release the CVEs
2025-09-06: Vendor informed us that KerOS4 is EOL, KerOS will only be maintained for critical vulnerabilities tills end of 2025 and that this vulnerability does not affect KerOS6
2026-04-01: Coordinated public disclosure of this CVE was agreed upon with the vendor
2026-05-27: CVE published

