CVE-2025-41730
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-19
Assigner: CERT VDE
Description
Description
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wago | 0852-1328_firmware | to 02.64 (exc) |
| wago | 0852-1328 | * |
| wago | 0852-1322_firmware | to 02.64 (exc) |
| wago | 0852-1322 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to exploit unsafe sscanf calls within the check_account() function. By doing so, the attacker can write arbitrary data into fixed-size stack buffers, which can lead to full device compromise.
How can this vulnerability impact me? :
The vulnerability can lead to full device compromise, meaning an attacker could gain complete control over the affected device remotely without authentication.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70