CVE-2023-37859
published 2023-08-09CVE-2023-37859: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | wp_6070-wvps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6101-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6121-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6156-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6185-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6215-whps | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6070-wvps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6101-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6121-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6156-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6185-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6215-whps_firmware | < 4.0.10 | 4.0.10 |