CVE-2026-3587

CRITICAL

Hidden CLI Function Allows Root Access

Title source: cna

Description

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

Exploits (1)

nomisec SUSPICIOUS

by z3r0h3ro · poc

https://github.com/z3r0h3ro/cve-2026-3587-poc

View Code ZIP pw:eip

References (1)

https://certvde.com/de/advisories/VDE-2026-020

Scores

CVSS v3 10.0

EPSS 0.0013

EPSS Percentile 32.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-912

Status published

Products (16)

WAGO/Industrial Managed Switch 852-1305 0.0.0 - V1.2.0.S0

WAGO/Industrial Managed Switch 852-1305-000-001 0.0.0 - V1.2.0.S0

WAGO/Industrial Managed Switch 852-1505 0.0.0 - V1.1.9.S0

WAGO/Industrial Managed Switch 852-1505-000-001 0.0.0 - V1.2.0.S0

WAGO/Industrial Managed Switch 852-1605 0.0.0 - V1.2.5.S0

WAGO/Industrial Managed Switch 852-303 0.0.0 - V1.2.8.S0

WAGO/Industrial Managed Switch 852-602 0.0.0 - V1.0.6.S0

WAGO/Industrial Managed Switch 852-603 0.0.0 - V1.0.6.S0

WAGO/Lean Managed Switch 852-1812 0.0.0 - V1.2.1.S0

WAGO/Lean Managed Switch 852-1812-010-000 0.0.0 - V1.2.1.S0

... and 6 more

Published Mar 23, 2026

Tracked Since Mar 23, 2026