CNNVD-202602-1361 Information

Feb 09, 2026 cve

CNNVD ID

CNNVD-202602-1361

CVE-2026-22905

CNNVD Published: 2026-02-09

Description (Chinese)

WAGO Industrial-Managed-Switch 0852-1322和WAGO Industrial-Managed-Switch 0852-1328都是德国万可（WAGO）公司的一个工业级管理型以太网交换机。 WAGO Industrial-Managed-Switch 0852-1322和WAGO Industrial-Managed-Switch 0852-1328存在路径遍历漏洞，该漏洞源于URI验证不足，可能导致未经验证的远程攻击者绕过身份验证，获得对受保护CGI端点和配置下载的未经授权访问。

Description (English)

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 are both industrial-scale management-based Ethernet switches of WAGO, Germany. WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 have routing loopholes, which stem from the insufficient verification of the URL and may lead to unauthorized access to protected CGI endpoints and configuration downloads by uncertified remote assailants.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

万可

Published

2026-02-09

Last Modified

2026-02-24

References

https://certvde.com/de/advisories/VDE-2026-004 https://access.redhat.com/security/cve/cve-2026-22905

Patch

https://www.wago.com/

Share on: