Description
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.
Published: 2026-02-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Patch Immediately
AI Analysis

Impact

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and employing path traversal sequences such as /js/../cgi-bin/post.cgi, which allows unauthorized access to protected CGI endpoints and configuration downloads. This flaw can lead to the exposure of sensitive configuration data and potentially to unauthorized manipulation of device settings, posing a significant security risk.

Affected Systems

The vulnerability affects WAGO devices in the 0852‑1322 and 0852‑1328 series. No specific firmware or revision numbers are listed, so all current deployments of these series are potentially impacted.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity vulnerability, and the EPSS score of less than 1% shows a very low exploitation probability at present. The flaw is not listed in the CISA KEV catalog. The likely attack vector is remote, unauthenticated, and requires the attacker to send a specially crafted request to the device’s web interface, bypassing authentication and accessing configuration resources.

Generated by OpenCVE AI on April 17, 2026 at 21:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest firmware update that fixes URI validation and prevents path traversal.
  • If a patch is not yet available, restrict network connectivity to the device’s management interface to trusted IP ranges or use a firewall to block unauthenticated traffic.
  • Disable or remove unused CGI endpoints and enforce strict authentication on all remaining web services.
  • Monitor access logs for unusual URI patterns such as '/../' sequences and investigate promptly.

Generated by OpenCVE AI on April 17, 2026 at 21:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Wago
Wago 0852-1322
Wago 0852-1328
Vendors & Products Wago
Wago 0852-1322
Wago 0852-1328

Mon, 09 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 08:00:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.
Title Authentication Bypass via URI Traversal
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Wago 0852-1322 0852-1328
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-02-09T15:33:33.687Z

Reserved: 2026-01-13T08:33:25.684Z

Link: CVE-2026-22905

cve-icon Vulnrichment

Updated: 2026-02-09T15:33:24.758Z

cve-icon NVD

Status : Deferred

Published: 2026-02-09T08:16:11.560

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-22905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:45:28Z

Weaknesses