lighttpd
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*
A stack buffer overflow has been identified in the WAGO Industrial-Managed-Switch models 0852-1322 and 0852-1328 running firmware through 2.64. An unauthenticated remote attacker can trigger it by sending an HTTP request with an excessively long SESSIONID cookie. The overflow can crash the modified lighttpd server and, because the stack protections are inadequate, potentially allow remote code execution.
Exploitation of this vulnerability can lead to a crash of the web service, remote code execution, and unauthorized access to administrative credentials.
Users are advised to update their devices to firmware version 02.65.