Description

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

Related CPE's

o

wago

0852-1328_firmware

Vulnerable

h

wago

0852-1328

-

o

wago

0852-1322_firmware

Vulnerable

h

wago

0852-1322

-

References

https://certvde.com/de/advisories/VDE-2025-095

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-121

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-10T11:15:48.217

1 week ago

Last modified

2025-12-19T16:50:43.363

2 hours ago