Skip to main content

0852 0303 Firmware

6 CVEs product

Monthly

CVE-2021-20998 CRITICAL Act Now

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-20997 HIGH This Week

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20996 MEDIUM This Month

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20995 HIGH This Week

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20994 MEDIUM This Month

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20993 MEDIUM This Month

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
EPSS 1% CVSS 9.8
CRITICAL Act Now

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 0852 0303 Firmware 0852 1305 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 0852 0303 Firmware 0852 1305 Firmware +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy