Wago 0852-1328
6 CVEs affecting Wago 0852-1328. Latest disclosed: 2026-02-09. Critical: 5, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-22906 | Critical | 9.8 | 2026-02-09 | User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and… |
CVE-2026-22904 | Critical | 9.8 | 2026-02-09 | Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and… |
CVE-2026-22903 | Critical | 9.8 | 2026-02-09 | An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the… |
CVE-2025-41732 | Critical | 9.8 | 2025-12-10 | An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which… |
CVE-2025-41730 | Critical | 9.8 | 2025-12-10 | An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers whic… |
CVE-2026-22905 | High | 7.5 | 2026-02-09 | An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin… |