Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

0852-1328

Source -

NVDCNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2026-22906
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.11%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 07:40
Updated-09 Feb, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded Key Allows Credential Disclosure

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

Action-Not Available
Vendor-WAGO
Product-0852-13280852-1322
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2026-22905
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.99%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 07:40
Updated-09 Feb, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass via URI Traversal

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Action-Not Available
Vendor-WAGO
Product-0852-13280852-1322
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-22904
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.87%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 07:40
Updated-09 Feb, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Overflow via Oversized Cookie Fields in lighttpd

Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.

Action-Not Available
Vendor-WAGO
Product-0852-13280852-1322
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-22903
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.09%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 07:39
Updated-09 Feb, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Overflow via SESSIONID Cookie in lighttpd

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

Action-Not Available
Vendor-WAGO
Product-0852-13280852-1322
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-41732
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.89%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 11:04
Updated-19 Dec, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based buffer overflow via unsafe sscanf in check_cookie()

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

Action-Not Available
Vendor-wagoWAGO
Product-0852-1328_firmware0852-13280852-1322_firmware0852-1322Indsutrial-Managed-Switches
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-41730
Assigner-CERT@VDE
ShareView Details
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.89%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 11:04
Updated-19 Dec, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based buffer overflow via unsafe sscanf in check_account()

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

Action-Not Available
Vendor-wagoWAGO
Product-0852-1328_firmware0852-13280852-1322_firmware0852-1322Indsutrial-Managed-Switches
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write