Description
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device.
References
- Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 5.0 (inclusive) up to 5.10 (exclusive)
cpe:2.3:o:kerlink:keros:*:*:*:*:*:*:*:*
EPSS
Percentile: 2%
0.00014
Low
6.8 Medium
CVSS3
7.4 High
CVSS3
Weaknesses
CWE-319
Related vulnerabilities
CVSS3: 6.8
github
2 months ago
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device.