CVE-2024-32384

MEDIUM

Kerlink gateway <5.10 - Info Disclosure

Title source: llm

Description

Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device.

References (2)

[Vendor Advisory] https://keros.docs.kerlink.com/security/security_advisories_kerOS5

[Third Party Advisory] https://www.bdosecurity.de/en-gb/advisories/cve-2024-32384

Scores

CVSS v3 6.8

EPSS 0.0001

EPSS Percentile 2.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

kerlink/keros 5.0 - 5.10

Published Dec 01, 2025

Tracked Since Feb 18, 2026