CVE-2023-37861

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.

Related CPE's

ophoenixcontactwp_6070-wvps_firmware********

hphoenixcontactwp_6070-wvps-*******

ophoenixcontactwp_6101-wxps_firmware********

hphoenixcontactwp_6101-wxps-*******

ophoenixcontactwp_6121-wxps_firmware********

hphoenixcontactwp_6121-wxps-*******

ophoenixcontactwp_6156-whps_firmware********

hphoenixcontactwp_6156-whps-*******

ophoenixcontactwp_6185-whps_firmware********

hphoenixcontactwp_6185-whps-*******

References

https://cert.vde.com/en/advisories/VDE-2023-018/

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io