VYPR

852-1305

by Wago

CVEs (8)

  • CVE-2021-20998May 13, 2021
    risk 0.00cvss epss 0.01

    In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.

  • CVE-2021-20997May 13, 2021
    risk 0.00cvss epss 0.01

    In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.

  • CVE-2021-20996May 13, 2021
    risk 0.00cvss epss 0.01

    In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.

  • CVE-2021-20995May 13, 2021
    risk 0.00cvss epss 0.01

    In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

  • CVE-2021-20994May 13, 2021
    risk 0.00cvss epss 0.01

    In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.

  • CVE-2021-20993May 13, 2021
    risk 0.00cvss epss 0.01

    In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

  • CVE-2019-12549Jun 17, 2019
    risk 0.00cvss epss 0.03

    WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.

  • CVE-2019-12550Jun 17, 2019
    risk 0.00cvss epss 0.03

    WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.