CVE-2021-20998

CWE-306Missing Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 66.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Wago 0852-0303Wago 0852-1305Wago 0852-1305/000-001+7 more
Timeline
PublishedMay 13
Latest updateMay 24

Description

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages10 packages

CVEListV5wago/0852-0303unspecifiedV1.2.3.S0
CVEListV5wago/0852-1305unspecifiedV1.1.7.S0
CVEListV5wago/0852-1505unspecifiedV1.1.6.S0
CVEListV5wago/0852-1305/000-001unspecifiedV1.0.4.S0
CVEListV5wago/0852-1505/000-001unspecifiedV1.0.4.S0

🔴Vulnerability Details

2
GHSA
GHSA-wvfh-fc5m-v972: In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users2022-05-24
CVEList
WAGO: Managed Switches: Unauthorized creation of user accounts2021-05-13
CVE-2021-20998 (CRITICAL CVSS 9.8) | In multiple managed switches by WAG | cvebase.io