CVE-2023-37861
published 2023-08-09CVE-2023-37861: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | wp_6070-wvps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6101-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6121-wxps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6156-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6185-whps | < 4.0.10 | 4.0.10 |
| phoenix_contact | wp_6215-whps | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6070-wvps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6101-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6121-wxps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6156-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6185-whps_firmware | < 4.0.10 | 4.0.10 |
| phoenixcontact | wp_6215-whps_firmware | < 4.0.10 | 4.0.10 |