Unrated severityNVD Advisory· Published Jun 19, 2012· Updated Apr 29, 2026

CVE-2009-0695

Description

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

Affected products

Dell/Wyse Device Manager3 versions
cpe:2.3:a:dell:wyse_device_manager:4.7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:dell:wyse_device_manager:4.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:dell:wyse_device_manager:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:dell:wyse_device_manager:4.7.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/19137/nvdExploit
www.kb.cert.org/vuls/id/654545nvdUS Government Resource
archives.neohapsis.com/archives/fulldisclosure/2009-07/0101.htmlnvd
www.theregister.co.uk/2009/07/10/wyse_remote_exploit_bugs/nvd
www.wyse.com/serviceandsupport/Wyse%20Security%20Bulletin%20WSB09-01.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000