CVE-2026-3587

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://certvde.com/de/advisories/VDE-2026-020

Configurations

No configuration.

History

17 Jun 2026, 10:43

Type	Values Removed	Values Added
Summary		(es) Un atacante remoto no autenticado puede realizar un exploit de una función oculta en el indicador de la CLI para escapar de la interfaz restringida y obtener acceso de root al sistema operativo subyacente basado en Linux, lo que lleva al compromiso total del dispositivo.

24 Mar 2026, 08:16

Type	Values Removed	Values Added
Summary	(en) An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.	(en) An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

23 Mar 2026, 08:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-23 08:16

Updated : 2026-06-17 10:43

NVD link : CVE-2026-3587

Mitre link : CVE-2026-3587

CVE.ORG link : CVE-2026-3587

JSON object : View

Products Affected

No product.

CWE

CWE-912

Hidden Functionality

{"id": "CVE-2026-3587", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-3587", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:05:17.517159Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "affected": [{"source": "info@cert.vde.com", "affectedData": [{"vendor": "WAGO", "product": "Lean Managed Switch 852-1812", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813-000-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.3.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1816", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-303", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.8.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1305", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.0.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1305-000-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.0.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1505-000-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.0.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1505", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.1.9.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-602", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.0.6.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-603", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.0.6.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Industrial Managed Switch 852-1605", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.5.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1812-010-000", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813-010-000", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1816-010-000", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "Lean Managed Switch 852-1813/010-001", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "V1.2.1.S0", "versionType": "semver"}], "defaultStatus": "unaffected"}]}], "published": "2026-03-23T08:16:17.360", "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-020", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-912"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."}, {"lang": "es", "value": "Un atacante remoto no autenticado puede realizar un exploit de una funci\u00f3n oculta en el indicador de la CLI para escapar de la interfaz restringida y obtener acceso de root al sistema operativo subyacente basado en Linux, lo que lleva al compromiso total del dispositivo."}], "lastModified": "2026-06-17T10:43:49.597", "sourceIdentifier": "info@cert.vde.com"}