Key Information

CVE ID: CVE-2024-32388
CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2024-32388
Vendor: Kerlink
Affected Product & Version: KerOS <= 5.11
Vulnerability Type: CWE-284: Improper Access Control
CVSS Base Score / CVSS Vector: BDO: 5.3 Medium / CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description:
- Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.

Remediation:
- Update to KerOS 5.12.

Timeline:
- 2024-03-19: Vulnerability reported to Kerlink
- 2024-03-23: Kerlink informed us that the issues were under analysis
- 2024-03-29: Vendor confirmed the vulnerabilities and provided an update on the current status of the analysis, including potential fixes
- 2024-04-08: We provided feedback on the potential fixes
- 2024-04-28: Vendor provided an update on the status of the potential fixes
- 2024-06-11: We reported additional vulnerabilities; ongoing communication regarding these issues
- 2025-08-05: Informed Kerlink of our intention to release the CVEs
- 2025-11-06: Vendor released an update
- 2025-11-21: CVE published