Kerlink Gateways KerOS Unencrypted Web Interface Vulnerability

Vulnerability

A vulnerability exists in Kerlink gateways running KerOS versions prior to 5.10, where the web interface is only available over HTTP, lacking HTTPS support. This absence of transport layer security enables a man-in-the-middle attacker to intercept and alter traffic between the client and the device.

Impact

Exploitation of this vulnerability allows for interception and modification of web traffic between the user and the gateway, potentially leading to unauthorized changes or data manipulation.

Remediation

Users can upgrade to KerOS version 5.10 or later, which includes HTTPS support. For detailed instructions on enabling HTTPS, please refer to the KerOS Wiki.
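A fleet check for this advisory, added here as an example and not taken from Kerlink or the KerOS Wiki: it flags KerOS versions earlier than 5.10 and probes whether a web port answers with TLS or only plaintext HTTP. The function names, the port list and the assumption that versions are plain dotted numbers are illustrative.

```python
import socket
import ssl

FIXED_IN = (5, 10)  # from the advisory: HTTPS support arrives in KerOS 5.10

def is_affected(keros_version):
    """True if a dotted KerOS version string is earlier than 5.10.
    Compares numerically, so "5.9" < "5.10" (a string compare gets this wrong).
    Assumption: the version is plain dotted numbers, e.g. "5.9" or "4.3.3"."""
    parts = tuple(int(p) for p in keros_version.strip().split(".")[:2])
    return (parts + (0,))[:2] < FIXED_IN

def probe(host, port, timeout=3.0):
    """Classify host:port as 'tls', 'plaintext-http', 'other' or 'closed'."""
    ctx = ssl.create_default_context()
    # Assumption: gateways often use self-signed certificates. This probe only
    # asks whether TLS is offered at all, so verification is disabled here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        # Try the TLS handshake first: some TLS servers answer a plaintext
        # request with an HTTP error, which would otherwise be misread.
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        raw.close()  # handshake failed: not TLS, fall through to plain HTTP
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return "plaintext-http" if s.recv(16).startswith(b"HTTP/") else "other"
    except OSError:
        return "other"

def audit(host, keros_version, ports=(80, 443)):
    """Summarise one gateway: version status plus what each web port speaks."""
    result = {"affected_version": is_affected(keros_version)}
    result.update({p: probe(host, p) for p in ports})
    return result
```

A gateway that reports 'plaintext-http' on its web port and no 'tls' port is still serving the interface unencrypted, whatever version it claims.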

Added: Dec 1, 2025, 4:41 PM
Updated: Dec 1, 2025, 5:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.