Overview

The Keenetic Router was found to expose sensitive configuration details through JavaScript files ndmComponents.js and version.js. These files include detailed information about enabled components and system version, hardware ID, and operational modes which can be leveraged by an attacker to gain insights into the system configuration without authentication and potentially exploit specific vulnerabilities or misconfigurations, affecting over 387,000 devices on the Internet.

Affected Devices

Vendor: Keenetic

Hardware:

• Carrier Router Hardware: KN-1711
• Omni Router Hardware: KN-1410
• Viva Router Hardware: KN-1910
• Ultra Router Hardware: ku_ra
• Ultra II Router Hardware: ku_rd
• Ultra Router Hardware: KN-1810
• Giga Router Hardware: KN-1010

SoftwareVersion:

• 4.1.2.15
• 4.1.2.14
• 4.0.2.215
• 3.7.77
• 3.5.68
• 1.6.49