Kerlink KerOS wmp-agent Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the wmp-agent service of Kerlink's KerOS operating system, affecting versions 5.0 through 5.11. The vulnerability arises because the service does not properly validate 'magic URLs', allowing unauthenticated remote attackers to execute arbitrary operating system commands as root. This issue is present when the service is accessible over the network, although it is typically protected by a local firewall.
Impact
Exploitation of this vulnerability allows for arbitrary operating system command execution as the root user.
Remediation
Users are advised to upgrade to KerOS version 5.12.
