Vulnerability Database

315,050

Total vulnerabilities in the database

CVE-2024-39148

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

Published: Dec 1, 2025
Updated: Dec 2, 2025
CVE: CVE-2024-39148
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
kerlink / keros	5.0	5.12

https://keros.docs.kerlink.com/security/security_advisories_kerOS5
https://www.bdosecurity.de/en-gb/advisories/cve-2024-39148

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo