Wago 0852-1328 vulnerabilities
4 known vulnerabilities affecting wago/0852-1328.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1
Vulnerabilities
CVE-2026-22904 | CRITICAL | CVSS 9.8 | CWE-121 | ≥ 0.0.0, ≤ 2.64 | v2.64 | 2026-02-09
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.
Sources: cvelistv5, nvd
CVE-2026-22903 | CRITICAL | CVSS 9.8 | CWE-121 | ≥ 0.0.0, ≤ 2.64 | v2.64 | 2026-02-09
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
Sources: cvelistv5, nvd
CVE-2026-22906 | CRITICAL | CVSS 9.8 | CWE-321 | ≥ 0.0.0, ≤ 2.64 | v2.64 | 2026-02-09
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.
Sources: cvelistv5, nvd
CVE-2026-22905 | HIGH | CVSS 7.5 | CWE-22 | ≥ 0.0.0, ≤ 2.64 | v2.64 | 2026-02-09
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.
Sources: cvelistv5, nvd