CVE-2026-3587
Received Received - Intake
CLI Prompt Escape Vulnerability Enables Unauthenticated Root Access

Publication date: 2026-03-23

Last updated on: 2026-03-24

Assigner: CERT VDE

Description
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3587
EUVD
EUVD-2026-14385
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
wago gmbh_and_co_kg 852-1305
wago gmbh_and_co_kg 852-1505
wago gmbh_and_co_kg 852-1605
wago gmbh_and_co_kg to 1.2.0.S1 (exc)
wago gmbh_and_co_kg 852-1816
wago gmbh_and_co_kg 852-602
wago gmbh_and_co_kg 852-603
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-3587 is a vulnerability in multiple models of WAGO managed switches that allows an unauthenticated remote attacker to exploit a hidden function in the device's CLI prompt."}, {'type': 'paragraph', 'content': 'By exploiting this hidden function, the attacker can escape the restricted interface and gain root access to the underlying Linux-based operating system.'}, {'type': 'paragraph', 'content': 'This leads to a full compromise of the device, affecting its confidentiality, integrity, and availability.'}] [1]

Impact Analysis

This vulnerability can have severe impacts as it allows an unauthenticated attacker to fully compromise affected WAGO managed switches remotely.

  • Complete control over the device by gaining root access.
  • Potential loss of confidentiality, integrity, and availability of the device and its data.
  • Disruption of network operations relying on the compromised device.
  • Possible use of the compromised device as a foothold for further attacks within the network.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2026-3587 vulnerability, you should update the affected WAGO managed switches to the fixed firmware versions provided by the vendor.

  • Update to firmware version V1.2.1.S1 for Lean Managed Switch models 852-1812 and 852-1813.
  • Update to firmware version V1.2.3.S1 for model 852-1813/000-001.
  • Update to firmware version V1.2.8.S1 for Industrial Managed Switch 852-303.
  • Apply corresponding fixed firmware versions for other affected models as listed in the advisory.

These updates close the hidden CLI function exploit that allows unauthenticated remote attackers to gain root access and fully compromise the device.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3587. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart