CVE-2026-3587 - Vulnerability Details - OpenCVE

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2026-020

History

Mon, 23 Mar 2026 08:15:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
Title		Hidden CLI Function Allows Root Access
Weaknesses		CWE-912
References		https://certvde.com/de/advisories/VDE-2026-020
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-03-23T07:49:17.325Z

Updated: 2026-03-23T07:49:17.325Z

Reserved: 2026-03-05T09:44:25.876Z

Link: CVE-2026-3587

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-23T08:16:17.360

Modified: 2026-03-23T08:16:17.360

Link: CVE-2026-3587

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3587", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-03-05T09:44:25.876Z", "datePublished": "2026-03-23T07:49:17.325Z", "dateUpdated": "2026-03-23T07:49:17.325Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1812", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813-000-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.3.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1816", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-303", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.8.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1305", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.0.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1305-000-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.0.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1505-000-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.0.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1505", "vendor": "WAGO", "versions": [{"lessThan": "V1.1.9.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-602", "vendor": "WAGO", "versions": [{"lessThan": "V1.0.6.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-603", "vendor": "WAGO", "versions": [{"lessThan": "V1.0.6.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Industrial Managed Switch 852-1605", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.5.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1812-010-000", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813-010-000", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1816-010-000", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Lean Managed Switch 852-1813/010-001", "vendor": "WAGO", "versions": [{"lessThan": "V1.2.1.S0", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.<br>"}], "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Hidden Functionality", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-23T07:49:17.325Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-020"}], "source": {"advisory": "VDE-2026-020", "defect": ["CERT@VDE#641971"], "discovery": "UNKNOWN"}, "title": "Hidden CLI Function Allows Root Access", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}