cbcvebase.
CVE-2021-20995
published 2021-05-13

CVE-2021-20995: In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

Affected

10 ranges
VendorProductVersion rangeFixed in
wago0852-0303unspecified – V1.2.3.S0
wago0852-0303_firmware<= 1.2.3.s0
wago0852-1305unspecified – V1.1.7.S0
wago0852-1305_000-001unspecified – V1.0.4.S0
wago0852-1305_000-001_firmware<= 1.0.4.s0
wago0852-1305_firmware<= 1.1.7.s0
wago0852-1505unspecified – V1.1.6.S0
wago0852-1505_000-001unspecified – V1.0.4.S0
wago0852-1505_000-001_firmware<= 1.0.4.s0
wago0852-1505_firmware<= 1.1.6.s0