Description
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
Published: 2026-03-23
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Root Access
Action: Immediate Patch
AI Analysis

Impact

This vulnerability arises from a hidden command in the command line interface that, when invoked, unexpectedly removes the restrictions normally defined for the interface. Because the function can be triggered without authentication, a remote attacker who can reach the device can use it to gain full administrative privileges, effectively achieving arbitrary code execution and compromising the device and any network services it provides. The weakness corresponds to the logic‑based bypass described by CWE‑912.

Affected Systems

All WAGO Industrial and Lean Managed Switch models enumerated in the CNA list, including the 852‑1305 series, 852‑1505 series, 852‑1605, 852‑303, 852‑602, 852‑603, 852‑1812, 852‑1813, and 852‑1816, along with their variant identifiers such as 852‑1305‑000‑001 and 852‑1813‑010‑001.

Risk and Exploitability

The CVSS score of 10 indicates maximum severity, while the EPSS score of less than 1% suggests that, so far, exploitation is uncommon but possible. The likely attack vector is remote network access to the device’s CLI, giving an unauthenticated attacker the ability to invoke the hidden command. Although the vulnerability is not listed in the CISA KEV catalog, its high severity and the lack of an authentication barrier mean it should be treated with the utmost urgency.

Generated by OpenCVE AI on March 24, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update or patch released by WAGO that addresses the hidden CLI exploitation.
  • Restrict external network access to the device’s CLI interface using firewall rules or network segmentation.
  • If the CLI is not required for remote management, consider disabling it or requiring strong authentication for any remote access.
  • Continuously monitor device logs for unexpected CLI activity to detect potential abuse.

Generated by OpenCVE AI on March 24, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Wago
Wago industrial Managed Switch 852-1305
Wago industrial Managed Switch 852-1305-000-001
Wago industrial Managed Switch 852-1505
Wago industrial Managed Switch 852-1505-000-001
Wago industrial Managed Switch 852-1605
Wago industrial Managed Switch 852-303
Wago industrial Managed Switch 852-602
Wago industrial Managed Switch 852-603
Wago lean Managed Switch 852-1812
Wago lean Managed Switch 852-1812-010-000
Wago lean Managed Switch 852-1813
Wago lean Managed Switch 852-1813-000-001
Wago lean Managed Switch 852-1813-010-000
Wago lean Managed Switch 852-1813/010-001
Wago lean Managed Switch 852-1816
Wago lean Managed Switch 852-1816-010-000
Vendors & Products Wago
Wago industrial Managed Switch 852-1305
Wago industrial Managed Switch 852-1305-000-001
Wago industrial Managed Switch 852-1505
Wago industrial Managed Switch 852-1505-000-001
Wago industrial Managed Switch 852-1605
Wago industrial Managed Switch 852-303
Wago industrial Managed Switch 852-602
Wago industrial Managed Switch 852-603
Wago lean Managed Switch 852-1812
Wago lean Managed Switch 852-1812-010-000
Wago lean Managed Switch 852-1813
Wago lean Managed Switch 852-1813-000-001
Wago lean Managed Switch 852-1813-010-000
Wago lean Managed Switch 852-1813/010-001
Wago lean Managed Switch 852-1816
Wago lean Managed Switch 852-1816-010-000

Tue, 24 Mar 2026 08:00:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device. An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

Mon, 23 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
Title Hidden CLI Function Allows Root Access
Weaknesses CWE-912
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Wago Industrial Managed Switch 852-1305 Industrial Managed Switch 852-1305-000-001 Industrial Managed Switch 852-1505 Industrial Managed Switch 852-1505-000-001 Industrial Managed Switch 852-1605 Industrial Managed Switch 852-303 Industrial Managed Switch 852-602 Industrial Managed Switch 852-603 Lean Managed Switch 852-1812 Lean Managed Switch 852-1812-010-000 Lean Managed Switch 852-1813 Lean Managed Switch 852-1813-000-001 Lean Managed Switch 852-1813-010-000 Lean Managed Switch 852-1813/010-001 Lean Managed Switch 852-1816 Lean Managed Switch 852-1816-010-000
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-24T07:38:36.602Z

Reserved: 2026-03-05T09:44:25.876Z

Link: CVE-2026-3587

cve-icon Vulnrichment

Updated: 2026-03-23T14:05:45.712Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-23T08:16:17.360

Modified: 2026-03-24T08:16:01.910

Link: CVE-2026-3587

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:49:30Z

Weaknesses