CVE-2021-20994
published 2021-05-13CVE-2021-20994: In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | 0852-0303 | unspecified – V1.2.3.S0 | — |
| wago | 0852-0303_firmware | <= 1.2.3.s0 | — |
| wago | 0852-1305 | unspecified – V1.1.7.S0 | — |
| wago | 0852-1305_000-001 | unspecified – V1.0.4.S0 | — |
| wago | 0852-1305_000-001_firmware | <= 1.0.4.s0 | — |
| wago | 0852-1305_firmware | <= 1.1.7.s0 | — |
| wago | 0852-1505 | unspecified – V1.1.6.S0 | — |
| wago | 0852-1505_000-001 | unspecified – V1.0.4.S0 | — |
| wago | 0852-1505_000-001_firmware | <= 1.0.4.s0 | — |
| wago | 0852-1505_firmware | <= 1.1.6.s0 | — |