OS Command Injection via wmp-agent in Kerlink Gateways
| Field | Value |
|---|---|
| CVE ID | CVE-2024-39148 |
| CVE Link | https://nvd.nist.gov/vuln/detail/CVE-2024-39148 |
| Vendor | Kerlink |
| Affected Product & Version | KerOS 5.0 through KerOS 5.11 |
| Vulnerability Type | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| CVSS Base Score / CVSS Vector | NVD: Waiting for Analysis; BDO: 8.1 High / |
| Author | Martin Weißbach |
| Date | 2025-11-21 |
CVE Details
Description:
The wmp-agent service of KerOS prior to 5.12 does not properly validate so-called ‘magic URLs’, allowing an unauthenticated remote attacker to execute arbitrary OS commands as root whenever the service is reachable over the network. In a typical deployment the service is shielded by the gateway's local firewall.
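The bug class described above, as an added illustration that is not Kerlink's code and does not claim to show how wmp-agent is implemented: a hypothetical handler that splices a request-supplied ‘magic URL’ into a shell command string, beside a hardened version that validates the URL against an allowlist and passes it to the fetch tool as a single argv element with no shell involved. The allowlisted host, the output path and the use of wget are constructed assumptions for this example.

```python
from urllib.parse import urlparse

# Constructed allowlist of download hosts the agent is supposed to talk to
# (an assumption for this example, not a Kerlink setting).
ALLOWED_HOSTS = {"updates.example.invalid"}
# Characters with meaning to a POSIX shell; none of them belongs in a firmware URL.
SHELL_METACHARS = set(";|&`$<>(){}\n\r\t '\"\\")


def vulnerable_build_command(magic_url: str) -> str:
    """Bug class only (the string is never executed here): the request-supplied
    URL is pasted into a shell command string. A URL containing ';' or '|'
    makes the shell run a second command, as root if the service runs as root."""
    return f"wget -O /tmp/update.bin {magic_url}"


def hardened_build_command(magic_url: str) -> list:
    """Accept only a plain http(s) URL to an allowlisted host and return an argv
    list for subprocess.run(argv, shell=False), so the URL is one argument and
    is never parsed by a shell. Every other input raises ValueError."""
    if any(ch in SHELL_METACHARS for ch in magic_url):
        raise ValueError("shell metacharacter in URL")
    parsed = urlparse(magic_url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("credentials in URL are not accepted")
    if parsed.hostname not in ALLOWED_HOSTS:
        raise ValueError("host is not allowlisted")
    # Fixed option list plus the validated URL; the shell is never involved.
    return ["wget", "-O", "/tmp/update.bin", magic_url]


if __name__ == "__main__":
    # Constructed sample inputs: one clean URL, one with a shell separator, one off-allowlist host.
    for url in ("https://updates.example.invalid/fw.bin",
                "https://updates.example.invalid/fw.bin;id",
                "https://other.invalid/fw.bin"):
        try:
            print("accepted:", hardened_build_command(url))
        except ValueError as exc:
            print("rejected:", url, "->", exc)
```

The metacharacter check is deliberately redundant with the argv form: even when the shell is removed, rejecting unexpected bytes early keeps the validated value from reaching any later code path that might still build a command string.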
Remediation:
Update to KerOS 5.12.
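For fleet triage, an added helper (not from the advisory or from Kerlink) that maps a reported KerOS version string onto the affected range stated above, KerOS 5.0 through 5.11, with 5.12 as the fixed release. The gateway inventory is constructed sample data.

```python
import re

FIRST_AFFECTED = (5, 0)   # KerOS 5.0, first affected release per the advisory
FIXED_VERSION = (5, 12)   # KerOS 5.12 carries the fix


def parse_keros_version(text: str) -> tuple:
    """Extract (major, minor) from strings such as 'KerOS 5.11', '5.3.1' or 'keros-5.12.0'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return (int(m.group(1)), int(m.group(2)))


def is_affected(text: str) -> bool:
    """True when the version falls inside the stated affected range [5.0, 5.12)."""
    return FIRST_AFFECTED <= parse_keros_version(text) < FIXED_VERSION


def triage(inventory: dict) -> dict:
    """Map gateway name -> True/False (affected) for a {name: version string} inventory."""
    return {name: is_affected(version) for name, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {"gw-01": "KerOS 5.11", "gw-02": "KerOS 5.12", "gw-03": "keros-5.0.2"}
    for name, affected in triage(sample).items():
        print(name, "UPDATE to KerOS 5.12" if affected else "ok")
```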
References:
- https://keros.docs.kerlink.com/security/security_advisories_kerOS5
- https://wikikerlink.fr/wirnet-productline/doku.php?id=wiki:resources:sw_history#keros_firmware_v5120_november_2025
Timeline
2024-06-11: Vulnerability reported to Kerlink
2024-06-28: Kerlink provided feedback on our report; ongoing communication with Kerlink
2025-08-05: Informed Kerlink of our intention to release the CVEs
2025-08-19: Sent updated vulnerability details to Kerlink
2025-11-06: Vendor released an update
2025-11-21: CVE published