PT-2025-43520 · Unknown · Keeneticos

Published: 2025-10-01 · Updated: 2026-05-20 · CVE-2025-56007

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: KeeneticOS versions prior to 4.3

Description: KeeneticOS prior to version 4.3 contains a CRLF injection flaw in the /auth API endpoint that could allow attackers to gain control of the device. Exploitation involves tricking a victim into opening a malicious page, which adds additional users with full permissions.

Recommendations: Update KeeneticOS to version 4.3 or later.

Related Identifiers

BDU:2025-14513
CVE-2025-56007

Affected Products

Keeneticos