Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Keros | Kerlink | 5.0 (including) | 5.12 (excluding) |