CVE-2021-20997
published 2021-05-13CVE-2021-20997: In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | 0852-0303 | unspecified – V1.2.3.S0 | — |
| wago | 0852-0303_firmware | <= 1.2.3.s0 | — |
| wago | 0852-1305 | unspecified – V1.1.7.S0 | — |
| wago | 0852-1305_000-001 | unspecified – V1.0.4.S0 | — |
| wago | 0852-1305_000-001_firmware | <= 1.0.4.s0 | — |
| wago | 0852-1305_firmware | <= 1.1.7.s0 | — |
| wago | 0852-1505 | unspecified – V1.1.6.S0 | — |
| wago | 0852-1505_000-001 | unspecified – V1.0.4.S0 | — |
| wago | 0852-1505_000-001_firmware | <= 1.0.4.s0 | — |
| wago | 0852-1505_firmware | <= 1.1.6.s0 | — |