CVE-2025-56008

6.1 MEDIUM

Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to t...

Published: 2025-10-23 · Last updated: 2026-05-20

Severity and scoring

CVSS: 6.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79

Affected products

Vendor	Product
keenetic	keeneticos

Description

Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-56008
[Other]https://github.com/notdenied/writeups/blob/main/CVE/CVE-2025-56008.md
[Other]https://keenetic.com/
[Vendor advisory]https://keenetic.com/global/security#october-2025-web-api-vulnerabilities

Related CVEs

Same vendor

CVE-2025-56009 — Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device ... (5.3 MEDIUM)
CVE-2025-56007 — CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with... (6.5 MEDIUM)

Same CWE

CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions (7.1 HIGH)
CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)