CRITICAL CVE-2026-3587 Published Modified CNA CERTVDE
CVE-2026-3587: Hidden CLI Function Allows Root Access
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
Metrics
- CVSS v3.1: 10.0
- Severity: CRITICAL
- Fixed in: V1.0.6.S0
- Affected Products: 16
Fix available
V1.0.6.S0, V1.1.9.S0, V1.2.0.S0, V1.2.1.S0, V1.2.3.S0, V1.2.5.S0, V1.2.8.S0
Affected packages
- WAGO / Lean Managed Switch 852-1812 < V1.2.1.S0 (from 0.0.0)
- WAGO / Lean Managed Switch 852-1813 < V1.2.1.S0 (from 0.0.0)
- WAGO / Lean Managed Switch 852-1813-000-001 < V1.2.3.S0 (from 0.0.0)
- WAGO / Lean Managed Switch 852-1816 < V1.2.1.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-303 < V1.2.8.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-1305 < V1.2.0.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-1305-000-001 < V1.2.0.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-1505-000-001 < V1.2.0.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-1505 < V1.1.9.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-602 < V1.0.6.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-603 < V1.0.6.S0 (from 0.0.0)
- WAGO / Industrial Managed Switch 852-1605 < V1.2.5.S0 (from 0.0.0)
- WAGO / Lean Managed Switch 852-1812-010-000 < V1.2.1.S0 (from 0.0.0)
- WAGO / Lean Managed Switch 852-1813-010-000 < V1.2.1.S0 (from 0.0.0)
- WAGO / Lean Managed Switch 852-1816-010-000 < V1.2.1.S0 (from 0.0.0)
- WAGO / Lean Managed Switch 852-1813/010-001 < V1.2.1.S0 (from 0.0.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H