CVE-2018-16210

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
References
Link Resource
https://www.exploit-db.com/exploits/45581/ Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/45581/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:wago:wago_750-881_ethernet_controller_devices_firmware:01.08.01\(10\):*:*:*:*:*:*:*
cpe:2.3:o:wago:wago_750-881_ethernet_controller_devices_firmware:01.09.18\(13\):*:*:*:*:*:*:*
cpe:2.3:h:wago:wago_750-881_ethernet_controller_devices:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:52

Type Values Removed Values Added
References () https://www.exploit-db.com/exploits/45581/ - Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/45581/ - Third Party Advisory, VDB Entry

Information

Published : 2018-10-12 22:15

Updated : 2024-11-21 03:52


NVD link : CVE-2018-16210

Mitre link : CVE-2018-16210

CVE.ORG link : CVE-2018-16210


JSON object : View

Products Affected

wago

  • wago_750-881_ethernet_controller_devices
  • wago_750-881_ethernet_controller_devices_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')