0852-1322 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22903	1 Wago	2 0852-1322, 0852-1328	2026-02-10	9.8 Critical
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
CVE-2026-22904	1 Wago	2 0852-1322, 0852-1328	2026-02-10	9.8 Critical
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.
CVE-2026-22905	1 Wago	2 0852-1322, 0852-1328	2026-02-10	7.5 High
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.
CVE-2026-22906	1 Wago	2 0852-1322, 0852-1328	2026-02-10	9.8 Critical
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.
CVE-2025-41732	1 Wago	5 0852-1322, 0852-1322 Firmware, 0852-1328 and 2 more	2025-12-19	9.8 Critical
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
CVE-2025-41730	1 Wago	5 0852-1322, 0852-1322 Firmware, 0852-1328 and 2 more	2025-12-19	9.8 Critical
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

Page 1 of 1.