PatchSiren

Keenetic CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Keenetic CVE published 2025-10-23

CVE-2025-56009

CVE-2025-56009 is a cross-site request forgery (CSRF) issue in KeeneticOS before 4.3 affecting the /rci API endpoint. The CVE description says an attacker can trick a victim into opening a crafted page that adds a new user with full permissions, which can lead to device takeover. The official NVD record classifies the issue as CWE-352 and assigns it a MEDIUM CVSS score.

MEDIUM Keenetic CVE published 2025-10-23

CVE-2025-56008

CVE-2025-56008 is a cross-site scripting vulnerability in KeeneticOS before 4.3, affecting the Wireless ISP page. According to the supplied description, an attacker located near the router can abuse the issue to add additional users with full permissions and potentially take over the device. The published CVSS vector indicates network-based attack conditions with required user interaction and a scope change.

MEDIUM Keenetic CVE published 2025-10-23

CVE-2025-56007

CVE-2025-56007 describes a CRLF injection issue in KeeneticOS before 4.3 at the /auth API endpoint. According to the supplied CVE description, an attacker can abuse a victim’s browser interaction with a crafted page to create additional users with full permissions and take over the device. NVD lists the issue with a CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).