CVE-2024-4021

Name of the Vulnerable Software and Affected Versions Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 versions up to 4.1.2.15

Description A vulnerability was found in the file /ndmComponents.js of the component Configuration Setting Handler, which can lead to information disclosure. The attack can be launched remotely. The issue is related to insufficient protection of service data. The vendor is aware of this issue and plans to fix it.

Recommendations For Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 versions up to 4.1.2.15, consider restricting access to the /ndmComponents.js file until a patch is available. As a temporary workaround, limit the use of the Configuration Setting Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.