Description
HiSecOS web server versions from 03.4.00 and prior to 04.1.00 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.
References (2)
Core 2
Core References
Third Party Advisory
https://www.vulncheck.com/advisories/belden-hisecos-web-server-privilege-escalation
Vendor Advisory
Belden Security Bulletins
https://assets.belden.com/m/4828b7cf8b652105/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-07_1v0-docx.pdf
Scores
CVSS v3
8.8
EPSS
0.0027
EPSS Percentile
17.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (1)
Belden/Hirschmann HiSecOS EAGLE
03.4.00 - 04.1.00
Published
Apr 02, 2026
Tracked Since
Apr 03, 2026