CVE-2024-32386 in KerOSinfo

Summary

by MITRE • 07/16/2026

Directory traversal vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the SNMP update mechanism.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/16/2026

This directory traversal vulnerability exists within the SNMP update mechanism of Kerlink Wirnet iStation 868 KerOS version 4.3.3_20200803132042, representing a critical security flaw that enables remote attackers to access sensitive system information. The vulnerability stems from insufficient input validation and improper path handling within the SNMP update functionality, allowing malicious actors to manipulate file paths and traverse directories beyond the intended scope. Such flaws typically arise when applications fail to properly sanitize user-supplied data before using it in file operations, creating opportunities for unauthorized access to system resources.

The technical implementation of this vulnerability demonstrates a classic path traversal exploit where an attacker can craft specific SNMP update requests containing directory traversal sequences such as ../ or ..\ that bypass normal access controls. When the system processes these malformed requests, it fails to validate the integrity of the provided paths, resulting in unintended file system access. This weakness directly aligns with CWE-22, which categorizes improper limitation of a pathname to a restricted directory, commonly known as path traversal or directory traversal attacks.

The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with potential access to configuration files, system logs, and other sensitive data that could aid in further exploitation. Remote attackers can leverage this vulnerability without requiring authentication, making the attack surface particularly concerning for industrial IoT deployments. The affected Kerlink devices operate in critical infrastructure environments where unauthorized access could compromise network security and potentially disrupt operations.

Security professionals should implement immediate mitigations including firmware updates from the vendor, network segmentation to isolate these devices, and monitoring for suspicious SNMP traffic patterns. The vulnerability also highlights the importance of secure coding practices and input validation within industrial control systems, aligning with ATT&CK technique T1071.004 for application layer protocol tunneling and T1566 for malicious file execution through network services. Organizations should conduct comprehensive vulnerability assessments to identify similar issues in their industrial IoT deployments and ensure proper access controls are implemented across all network management interfaces.

Responsible

MITRE

Reservation

04/12/2024

Disclosure

07/16/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!