managed switches
by Wago
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-41732 | 0.00 | — | 0.00 | Dec 10, 2025 | An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise. | |||
| CVE-2025-41730 | 0.00 | — | 0.00 | Dec 10, 2025 | An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise. | |||
| CVE-2021-20998 | 0.00 | — | 0.01 | May 13, 2021 | In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | |||
| CVE-2021-20994 | 0.00 | — | 0.01 | May 13, 2021 | In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. | |||
| CVE-2021-20993 | 0.00 | — | 0.01 | May 13, 2021 | In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. |
- CVE-2025-41732Dec 10, 2025risk 0.00cvss —epss 0.00
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
- CVE-2025-41730Dec 10, 2025risk 0.00cvss —epss 0.00
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
- CVE-2021-20998May 13, 2021risk 0.00cvss —epss 0.01
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
- CVE-2021-20994May 13, 2021risk 0.00cvss —epss 0.01
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
- CVE-2021-20993May 13, 2021risk 0.00cvss —epss 0.01
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.