CVE-2021-20998
published 2021-05-13CVE-2021-20998: In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | 0852-0303 | unspecified – V1.2.3.S0 | — |
| wago | 0852-0303_firmware | <= 1.2.3.s0 | — |
| wago | 0852-1305 | unspecified – V1.1.7.S0 | — |
| wago | 0852-1305_000-001 | unspecified – V1.0.4.S0 | — |
| wago | 0852-1305_000-001_firmware | <= 1.0.4.s0 | — |
| wago | 0852-1305_firmware | <= 1.1.7.s0 | — |
| wago | 0852-1505 | unspecified – V1.1.6.S0 | — |
| wago | 0852-1505_000-001 | unspecified – V1.0.4.S0 | — |
| wago | 0852-1505_000-001_firmware | <= 1.0.4.s0 | — |
| wago | 0852-1505_firmware | <= 1.1.6.s0 | — |