Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.