CVE-2024-4022

Name of the Vulnerable Software and Affected Versions Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 versions up to 4.1.2.15

Description A vulnerability was found in the Version Data Handler component, specifically in the /version.js file, which leads to information disclosure. The attack can be launched remotely, and the exploit has been disclosed to the public. The issue is related to insufficient protection of service data, allowing an attacker to gain unauthorized access to protected information.

Recommendations For Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 versions up to 4.1.2.15, consider disabling the version.js functionality until a patch is available. Restrict access to the Version Data Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.