Common Weakness Enumeration

CWE-912

Allowed-with-Review

Hidden Functionality

Abstraction: Class · Status: Incomplete

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

146 vulnerabilities reference this CWE, most recent first.

GCVE-1337-2026-000000000… (CVE-2026-7413)

Vulnerability from gna-1337 – Published: 2026-05-07 16:09 – Updated: 2026-05-08 22:46
VLAI
Title
Persistent undocumented backdoor access in Yarbo robot
Summary
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Yarbo Firmware Affected: 0 , ≤ 2.3.9 (semver)
Create a notification for this product.
Date Public
2026-05-07 16:00
Credits
Andreas Makris (aka Bin4ry) todb of AHA!

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-7413",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-08T22:45:36.456789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-08T22:46:29.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://takeonme.org/cves/cve-2026-7413/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Firmware",
          "vendor": "Yarbo",
          "versions": [
            {
              "lessThanOrEqual": "2.3.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andreas Makris (aka Bin4ry)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "todb of AHA!"
        }
      ],
      "datePublic": "2026-05-07T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates."
            }
          ],
          "value": "A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T16:09:26.134Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/Bin4ry/yarbo-nat-in-my-back-yard"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Persistent undocumented backdoor access in Yarbo robot",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2026-7413",
    "datePublished": "2026-05-07T16:09:26.134Z",
    "dateReserved": "2026-04-29T13:37:07.749Z",
    "dateUpdated": "2026-05-08T22:46:29.192Z",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41446 (GCVE-0-2026-41446)

Vulnerability from cvelistv5 – Published: 2026-04-28 21:15 – Updated: 2026-05-14 02:09
VLAI
Title
WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints
Summary
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-912 - Hidden Functionality
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
Snap One, LLC WattBox 800 Affected: 0 , < 2.10.0.0 (custom)
Create a notification for this product.
Snap One, LLC WattBox 820 Affected: 0 , < 2.10.0.0 (custom)
Create a notification for this product.
Date Public
2026-03-19 00:00
Credits
Anonymous
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T15:09:03.107867Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T15:10:09.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WattBox 800",
          "vendor": "Snap One, LLC",
          "versions": [
            {
              "lessThan": "2.10.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WattBox 820",
          "vendor": "Snap One, LLC",
          "versions": [
            {
              "lessThan": "2.10.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anonymous"
        }
      ],
      "datePublic": "2026-03-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the device label or documentation containing these values can authenticate to the several endpoints and execute arbitrary commands as root on the device."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T02:09:45.480Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://help.snapone.com/wb-8x0-fw/Content/FW%20RN/8x0/8x0%20series%20FW%20RN.htm"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WattBox 800 \u0026 820 Series \u003c 2.10.0.0 RCE via Diagnostic Endpoints",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-41446",
    "datePublished": "2026-04-28T21:15:09.360Z",
    "dateReserved": "2026-04-20T16:07:47.308Z",
    "dateUpdated": "2026-05-14T02:09:45.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34769 (GCVE-0-2026-34769)

Vulnerability from cvelistv5 – Published: 2026-04-03 23:33 – Updated: 2026-07-15 01:03
VLAI
Title
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
  • CWE-912 - Hidden Functionality
Assigner
Impacted products
Vendor Product Version
electron electron Affected: < 38.8.6
Affected: >= 39.0.0-alpha.1, < 39.8.0
Affected: >= 40.0.0-alpha.1, < 40.7.0
Affected: >= 41.0.0-alpha.1, < 41.0.0-beta.8
Create a notification for this product.
Red Hat Red Hat Build of Podman Desktop     cpe:/a:redhat:podman_desktop:1
Create a notification for this product.
Red Hat Red Hat Build of Podman Desktop - Tech Preview     cpe:/a:redhat:podman_desktop:0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T03:55:35.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:podman_desktop:1"
            ],
            "defaultStatus": "affected",
            "packageName": "podman-desktop-macos-1-0",
            "product": "Red Hat Build of Podman Desktop",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:podman_desktop:1"
            ],
            "defaultStatus": "affected",
            "packageName": "podman-desktop-windows-1-0",
            "product": "Red Hat Build of Podman Desktop",
            "vendor": "Red Hat"
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:podman_desktop:0"
            ],
            "defaultStatus": "affected",
            "packageName": "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10",
            "product": "Red Hat Build of Podman Desktop - Tech Preview",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-03T23:33:55.952Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Electron, a framework for building desktop applications. This vulnerability arises from an undocumented `commandLineSwitches` webPreference that allows arbitrary command-line switches to be appended to the renderer process. A remote attacker could exploit this by providing malicious input to applications that construct `webPreferences` from untrusted sources. Successful exploitation could disable critical security controls like sandboxing, potentially leading to arbitrary code execution, privilege escalation, or sensitive information disclosure."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-88",
                "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:03:53.754Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-34769"
          },
          {
            "name": "RHBZ#2455004",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34769.json"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-04T00:01:24.619Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-03T23:33:55.952Z",
            "value": "Made public."
          }
        ],
        "title": "Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 38.8.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 39.0.0-alpha.1, \u003c 39.8.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 40.0.0-alpha.1, \u003c 40.7.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 41.0.0-alpha.1, \u003c 41.0.0-beta.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-88",
              "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912: Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-03T23:33:55.952Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f"
        }
      ],
      "source": {
        "advisory": "GHSA-9wfr-w7mm-pc7f",
        "discovery": "UNKNOWN"
      },
      "title": "Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34769",
    "datePublished": "2026-04-03T23:33:55.952Z",
    "dateReserved": "2026-03-30T19:54:55.555Z",
    "dateUpdated": "2026-07-15T01:03:53.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33280 (GCVE-0-2026-33280)

Vulnerability from cvelistv5 – Published: 2026-03-27 05:25 – Updated: 2026-03-27 19:54
VLAI
Summary
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
BUFFALO INC. BUFFALO Wi-Fi router products Affected: See "References" section
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33280",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T19:53:56.292921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T19:54:05.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BUFFALO Wi-Fi router products",
          "vendor": "BUFFALO INC.",
          "versions": [
            {
              "status": "affected",
              "version": "See \"References\" section"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product\u2019s debugging functionality, resulting in the execution of arbitrary OS commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "Hidden functionality",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T05:25:41.078Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.buffalo.jp/news/detail/20260323-01.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN83788689/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-33280",
    "datePublished": "2026-03-27T05:25:41.078Z",
    "dateReserved": "2026-03-25T06:25:26.636Z",
    "dateUpdated": "2026-03-27T19:54:05.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31847 (GCVE-0-2026-31847)

Vulnerability from cvelistv5 – Published: 2026-03-23 12:07 – Updated: 2026-03-26 10:52
VLAI
Title
Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+
Summary
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Nexxt Solutions Nebula 300+ Affected: <= 12.01.01.37 , ≤ Nebula300+_v12.01.01.37 (custom)
Create a notification for this product.
Credits
Angel Barre (call4pwn)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-31847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T15:16:37.215985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T15:52:16.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nebula 300+",
          "vendor": "Nexxt Solutions",
          "versions": [
            {
              "lessThanOrEqual": "Nebula300+_v12.01.01.37",
              "status": "affected",
              "version": "\u003c= 12.01.01.37",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Angel Barre (call4pwn)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Hidden functionality in the \u003ccode\u003e/goform/setSysTools\u003c/code\u003e endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as \u003ccode\u003etelnetManageEn=true\u003c/code\u003e and \u003ccode\u003etelnetPwd\u003c/code\u003e, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system."
            }
          ],
          "value": "Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker who can invoke the affected functionality can enable a privileged Telnet service remotely, exposing a diagnostic management interface and enabling further compromise of the device."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T10:52:50.115Z",
        "orgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c",
        "shortName": "TuranSec"
      },
      "references": [
        {
          "name": "Official product page",
          "url": "https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/"
        },
        {
          "name": "Firmware download",
          "url": "https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c",
    "assignerShortName": "TuranSec",
    "cveId": "CVE-2026-31847",
    "datePublished": "2026-03-23T12:07:05.062Z",
    "dateReserved": "2026-03-09T18:20:23.399Z",
    "dateUpdated": "2026-03-26T10:52:50.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-7413 (GCVE-0-2026-7413)

Vulnerability from cvelistv5 – Published: 2026-05-07 16:09 – Updated: 2026-05-08 22:46
VLAI
Title
Persistent undocumented backdoor access in Yarbo robot
Summary
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
AHA
Impacted products
Vendor Product Version
Yarbo Firmware Affected: 0 , ≤ 2.3.9 (semver)
Create a notification for this product.
Date Public
2026-05-07 16:00
Credits
Andreas Makris (aka Bin4ry) todb of AHA!
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-7413",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-08T22:45:36.456789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-08T22:46:29.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://takeonme.org/cves/cve-2026-7413/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Firmware",
          "vendor": "Yarbo",
          "versions": [
            {
              "lessThanOrEqual": "2.3.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andreas Makris (aka Bin4ry)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "todb of AHA!"
        }
      ],
      "datePublic": "2026-05-07T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates."
            }
          ],
          "value": "A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T16:09:26.134Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/Bin4ry/yarbo-nat-in-my-back-yard"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000000111111111111111111111110000000000000000000000000000000000000000000000000000000111"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Persistent undocumented backdoor access in Yarbo robot",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2026-7413",
    "datePublished": "2026-05-07T16:09:26.134Z",
    "dateReserved": "2026-04-29T13:37:07.749Z",
    "dateUpdated": "2026-05-08T22:46:29.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4769 (GCVE-0-2026-4769)

Vulnerability from cvelistv5 – Published: 2026-07-13 06:35 – Updated: 2026-07-13 14:44
VLAI
Title
Unauthenticated Access to Internal Diagnostic Interface
Summary
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
WAGO 0765-110x/0100-0000 Affected: 1.0.0.0 , < 1.2.1.100 (semver)
Create a notification for this product.
WAGO 0765-120x/0100-0000 Affected: 1.0.0.0 , < 1.2.7.100 (semver)
Create a notification for this product.
WAGO 0765-150x/0100-0000 Affected: 1.0.0.0 , < 1.2.7.103 (semver)
Create a notification for this product.
WAGO 0765-2101/0100-0000 Affected: 1.0.0.0 , < 1.2.1.102 (semver)
Create a notification for this product.
WAGO 0765-2102/0100-0000 Affected: 1.0.0.0 , < 1.2.5.101 (semver)
Create a notification for this product.
WAGO 0765-410x/0100-0000 Affected: 1.0.0.0 , < 1.2.1.100 (semver)
Create a notification for this product.
WAGO 0765-420x/0100-0000 Affected: 1.0.0.0 , < 1.2.7.100 (semver)
Create a notification for this product.
WAGO 0765-450x/0100-0000 Affected: 1.0.0.0 , < 1.2.7.103 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T14:44:35.455141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T14:44:48.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "0765-110x/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.1.100",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0765-120x/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.7.100",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0765-150x/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.7.103",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0765-2101/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.1.102",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0765-2102/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.5.101",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0765-410x/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.1.100",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0765-420x/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.7.100",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0765-450x/0100-0000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "1.2.7.103",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.1.100",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.7.100",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.7.103",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.1.102",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.5.101",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.1.100",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.7.100",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        },
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:wago:field_profinet:1.2.1.0:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.2.7.103",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCertain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise.\u003c/p\u003e"
            }
          ],
          "value": "Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T06:35:01.116Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://www.certvde.com/en/advisories/VDE-2026-031/"
        }
      ],
      "source": {
        "advisory": "VDE-2026-031",
        "defect": [
          "CERT@VDE#641997"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated Access to Internal Diagnostic Interface",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-4769",
    "datePublished": "2026-07-13T06:35:01.116Z",
    "dateReserved": "2026-03-24T13:19:36.714Z",
    "dateUpdated": "2026-07-13T14:44:48.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4621 (GCVE-0-2026-4621)

Vulnerability from cvelistv5 – Published: 2026-03-27 11:52 – Updated: 2026-04-10 04:13
VLAI
Summary
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
NEC
Impacted products
Vendor Product Version
NEC Platforms, Ltd. Aterm W1200EX(-MS) Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HP2 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1900HP Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HS2 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1800HP3 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HP3 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1900HP2 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HS3 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1800HP4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HP4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HS4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WX1500HP Affected: Before Ver. 1.4.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HS Affected: Before Ver. 1.7.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WF1200CR Affected: Before Ver. 1.6.0
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200CR Affected: Before Ver. 1.5.0
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HP4 Affected: Before Ver. 1.4.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HM4 Affected: Before Ver. 1.4.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HS2 Affected: Before Ver. 1.3.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WX3000HP Affected: Before Ver. 2.5.0
Create a notification for this product.
NEC Platforms, Ltd. Aterm WX3000HP2 Affected: Before Ver. 1.3.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WX3600HP Affected: Before Ver. 1.4.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm GX1200HP Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm GX1200HS4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200DM4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm GB1200PE Affected: Before Ver. 1.3.1
Create a notification for this product.
Credits
Chuya Hayakawa of Zero Zero One Co., Ltd.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T12:57:21.304368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T12:57:32.214Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Aterm W1200EX(-MS)",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HP2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1900HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HS2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1800HP3",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HP3",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1900HP2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HS3",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1800HP4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HP4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HS4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WX1500HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.4.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HS",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.7.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WF1200CR",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.6.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200CR",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HP4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.4.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HM4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.4.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HS2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.3.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WX3000HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 2.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WX3000HP2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.3.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WX3600HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.4.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm GX1200HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm GX1200HS4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200DM4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm GB1200PE",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.3.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
            }
          ],
          "value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912: Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T04:13:59.147Z",
        "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "shortName": "NEC"
      },
      "references": [
        {
          "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
    "assignerShortName": "NEC",
    "cveId": "CVE-2026-4621",
    "datePublished": "2026-03-27T11:52:48.222Z",
    "dateReserved": "2026-03-23T06:04:48.670Z",
    "dateUpdated": "2026-04-10T04:13:59.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3587 (GCVE-0-2026-3587)

Vulnerability from cvelistv5 – Published: 2026-03-23 07:49 – Updated: 2026-03-24 07:38
VLAI
Title
Hidden CLI Function Allows Root Access
Summary
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
WAGO Lean Managed Switch 852-1812 Affected: 0.0.0 , < V1.2.1.S0 (semver)
Create a notification for this product.
WAGO Lean Managed Switch 852-1813 Affected: 0.0.0 , < V1.2.1.S0 (semver)
Create a notification for this product.
WAGO Lean Managed Switch 852-1813-000-001 Affected: 0.0.0 , < V1.2.3.S0 (semver)
Create a notification for this product.
WAGO Lean Managed Switch 852-1816 Affected: 0.0.0 , < V1.2.1.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-303 Affected: 0.0.0 , < V1.2.8.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-1305 Affected: 0.0.0 , < V1.2.0.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-1305-000-001 Affected: 0.0.0 , < V1.2.0.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-1505-000-001 Affected: 0.0.0 , < V1.2.0.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-1505 Affected: 0.0.0 , < V1.1.9.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-602 Affected: 0.0.0 , < V1.0.6.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-603 Affected: 0.0.0 , < V1.0.6.S0 (semver)
Create a notification for this product.
WAGO Industrial Managed Switch 852-1605 Affected: 0.0.0 , < V1.2.5.S0 (semver)
Create a notification for this product.
WAGO Lean Managed Switch 852-1812-010-000 Affected: 0.0.0 , < V1.2.1.S0 (semver)
Create a notification for this product.
WAGO Lean Managed Switch 852-1813-010-000 Affected: 0.0.0 , < V1.2.1.S0 (semver)
Create a notification for this product.
WAGO Lean Managed Switch 852-1816-010-000 Affected: 0.0.0 , < V1.2.1.S0 (semver)
Create a notification for this product.
WAGO Lean Managed Switch 852-1813/010-001 Affected: 0.0.0 , < V1.2.1.S0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T14:05:17.517159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T14:05:54.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1812",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.1.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1813",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.1.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1813-000-001",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.3.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1816",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.1.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-303",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.8.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-1305",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.0.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-1305-000-001",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.0.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-1505-000-001",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.0.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-1505",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.1.9.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-602",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.0.6.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-603",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.0.6.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Industrial Managed Switch 852-1605",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.5.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1812-010-000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.1.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1813-010-000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.1.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1816-010-000",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.1.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Lean Managed Switch 852-1813/010-001",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThan": "V1.2.1.S0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."
            }
          ],
          "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T07:38:36.602Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2026-020"
        }
      ],
      "source": {
        "advisory": "VDE-2026-020",
        "defect": [
          "CERT@VDE#641971"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Hidden CLI Function Allows Root Access",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-3587",
    "datePublished": "2026-03-23T07:49:17.325Z",
    "dateReserved": "2026-03-05T09:44:25.876Z",
    "dateUpdated": "2026-03-24T07:38:36.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1952 (GCVE-0-2026-1952)

Vulnerability from cvelistv5 – Published: 2026-04-24 06:08 – Updated: 2026-04-24 15:26
VLAI
Title
Denial of service via the undocumented subfunction in AS320T
Summary
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
DeltaWW AS320T Affected: 0 , ≤ 1.14 (custom)
Create a notification for this product.
Date Public
2026-04-24 05:26
Credits
Sergey Fedonin and Ivan Kurnakov (Positive Technologies)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1952",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-24T15:25:54.104259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-24T15:26:08.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AS320T",
          "vendor": "DeltaWW",
          "versions": [
            {
              "lessThanOrEqual": "1.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.14",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Sergey Fedonin and Ivan Kurnakov (Positive Technologies)"
        }
      ],
      "datePublic": "2026-04-24T05:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Delta Electronics AS320T has denial of service via the undocumented subfunction\u0026nbsp;vulnerability."
            }
          ],
          "value": "Delta Electronics AS320T has denial of service via the undocumented subfunction\u00a0vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-125",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-125: Flooding"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-24T06:08:58.826Z",
        "orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
        "shortName": "Deltaww"
      },
      "references": [
        {
          "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade firmware to v1.16 or later\u003cbr\u003e"
            }
          ],
          "value": "Upgrade firmware to v1.16 or later"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Denial of service via the undocumented subfunction in AS320T",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
    "assignerShortName": "Deltaww",
    "cveId": "CVE-2026-1952",
    "datePublished": "2026-04-24T06:08:58.826Z",
    "dateReserved": "2026-02-05T05:43:02.712Z",
    "dateUpdated": "2026-04-24T15:26:08.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Installation

Always verify the integrity of the product that is being installed.

CAPEC-133: Try All Common Switches

An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is indiscriminately attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.

CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality

An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the 'black box' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.