Primary

Context

KeeneticOS Cross-Site Scripting Vulnerability on the Wireless ISP Page

Vulnerability

A cross-site scripting (XSS) vulnerability exists in KeeneticOS versions prior to 4.3, specifically on the Wireless ISP configuration page. This vulnerability allows attackers in close proximity to the router to execute malicious scripts by broadcasting a specially crafted SSID. When the script is executed, it can take over the device by adding new users with full permissions.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can execute scripts in the context of the user's session, potentially leading to unauthorized control of the device.

Remediation

Users are advised to upgrade to KeeneticOS 4.3, which addresses this vulnerability. Firmware updates can be done through the device's web interface or the Keenetic mobile app.

Added: Oct 23, 2025, 3:19 PM

Updated: Oct 23, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.6

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.6

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

KeeneticOS Cross-Site Scripting Vulnerability on the Wireless ISP Page

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating