This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Hidden CLI features in WAGO Lean Managed Switch allow full device compromise. π₯ **Consequences**: Total loss of confidentiality, integrity, and availability. Critical severity!
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: CWE-912 (Hidden Function). The CLI prompt contains undiscovered commands that bypass intended security controls. π΅οΈββοΈ It's a design flaw exposing backend capabilities.
π **Attacker Impact**: Full root access! π CVSS Score: 10.0 (Critical). Can read data, modify configs, and crash the system. Complete takeover possible.
Q5Is exploitation threshold high? (Auth/Config)
β‘ **Exploitation**: Low barrier! π« No authentication required (PR:N). Network accessible (AV:N). Easy to trigger via CLI interface. β οΈ High risk!
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exp?**: No PoC currently listed in the data. π However, the vulnerability is well-defined. Wild exploitation is likely imminent given the low effort required.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for WAGO Lean Managed Switch 852-1812 devices. π‘ Look for CLI interfaces exposed on the network. Test for hidden command injection if safe.