Wago 0852-1305/000-001 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Wago 0852-1305/000-001 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-20998 — CVSS 10.0 (critical): In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to…
CVE-2021-20994 — CVSS 8.8 (high): In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible…
CVE-2021-20997 — CVSS 7.5 (high): In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
CVE-2021-20993 — CVSS 5.3 (medium): In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the…
CVE-2021-20995 — CVSS 5.3 (medium): In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.
CVE-2021-20996 — CVSS 5.3 (medium): In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.