CVE-2025-41713Initialization of a Resource with an Insecure Default in Cc100 0751-9301

CWE-1188Initialization of a Resource with an Insecure DefaultCWE-22Path Traversal5 documents4 sources
Severity
6.5MEDIUMNVD
CISA9.1
EPSS
0.1%
top 65.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
25
Wago Cc100 0751-9301Wago Cc100 0751-9301 K000-0005Wago Cc100 0751-9401+22 more
Timeline
PublishedSep 15

Description

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages25 packages

CVEListV5wago/cc100_0751-9301< HW
CVEListV5wago/cc100_0751-9401< HW
CVEListV5wago/cc100_0751-9402< HW
CVEListV5wago/cc100_0751-9403< HW
CVEListV5wago/tp600_0762-4101< HW

🔴Vulnerability Details

2
CVEList
WAGO: Vulnerability in hardware switch circuit2025-09-15
GHSA
GHSA-4x6r-qc3x-j39x: During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch o2025-09-15

📋Vendor Advisories

2
CISA
Mitel MiCollab Path Traversal Vulnerability2025-01-07
CISA
Mitel MiCollab Path Traversal Vulnerability2025-01-07
CVE-2025-41713 — Wago Cc100 0751-9301 vulnerability | cvebase