KeeneticOS Cross-Site Request Forgery Vulnerability in the Web API

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in KeeneticOS versions prior to 4.3, specifically at the '/rci' API endpoint. This vulnerability allows attackers to take control of the device by adding additional users with full permissions. Exploitation requires convincing the victim to open a page containing the exploit.
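The weakness described above is the absence of a cross-site check on a state-changing endpoint. The following is an added example (not KeeneticOS code and not from this advisory) of the server-side guard such an endpoint should apply, plus a log review that flags write requests to the endpoint arriving with a missing or foreign Origin. The trusted host names, the log format and the sample log lines are constructed assumptions; only the '/rci' path comes from the advisory.

```python
"""CSRF guard and log review for a state-changing API endpoint such as /rci.

Added example, not KeeneticOS code: models the Origin/Referer check that a
router's web API should apply to state-changing requests, and a review of
access-log lines that flags writes arriving from a foreign or missing Origin.
"""
from urllib.parse import urlsplit

# Assumption: the router's own management hosts from which a browser may
# issue state-changing calls. Constructed values, not Keenetic's.
TRUSTED_HOSTS = {"192.168.1.1", "router.example"}
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}


def _source_host(headers):
    """Return the host named by the Origin header, falling back to Referer.
    Returns None when neither header is usable (non-browser client, a
    privacy setting that strips Referer, or the literal Origin 'null')."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).hostname
    return None


def csrf_allows(method, headers, trusted_hosts=TRUSTED_HOSTS):
    """Decide whether a request may reach a state-changing endpoint.

    Safe methods (GET/HEAD/OPTIONS) always pass. State-changing methods
    pass only when the browser-supplied Origin (or Referer) names one of
    the router's own hosts. A missing header is treated as untrusted:
    browsers send Origin on cross-site POSTs, so the absence of both
    headers is not evidence of a same-site request.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    host = _source_host(headers)
    return host is not None and host in trusted_hosts


# Constructed access-log lines (not from any real device). Assumed format:
# method, path, client address, and the Origin header value ("-" if absent).
SAMPLE_LOG = """\
POST /rci 192.168.1.23 origin=http://192.168.1.1
GET /rci 192.168.1.23 origin=-
POST /rci 192.168.1.23 origin=http://evil.example
POST /rci 192.168.1.23 origin=-
"""


def flag_cross_site_writes(log_text, path="/rci", trusted_hosts=TRUSTED_HOSTS):
    """Return (line_no, origin) pairs for state-changing requests to `path`
    whose Origin is missing or names a host outside trusted_hosts. This is
    the review a defender runs over web-server logs to look for the
    request pattern the advisory describes."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        method, req_path, _client, origin_kv = line.split()
        if req_path != path:
            continue
        origin = origin_kv.partition("=")[2]
        headers = {} if origin == "-" else {"Origin": origin}
        if not csrf_allows(method, headers, trusted_hosts):
            findings.append((line_no, origin))
    return findings


if __name__ == "__main__":
    for entry in flag_cross_site_writes(SAMPLE_LOG):
        print("state-changing request with untrusted origin at line %d: %s" % entry)
```

The Origin/Referer comparison is the standard defence-in-depth check for browser-facing APIs; a per-session synchronizer token on every state-changing call remains the primary control, and the two are normally combined. Matching on the parsed hostname rather than on a string prefix avoids accepting an attacker host such as `router.example.evil` that merely starts with the trusted name.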

Impact

Exploitation of this vulnerability could lead to unauthorized user management, allowing attackers to gain full control over the affected device.

Remediation

Users are advised to upgrade to KeeneticOS 4.3, which addresses this vulnerability. Firmware updates can be applied through the device's web interface or the Keenetic mobile app.

Added: Oct 23, 2025, 3:18 PM
Updated: Oct 23, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.4
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.