Unrestricted File Upload Vulnerability in WAGO e!DISPLAY Devices

Unrestricted File Upload Vulnerability in WAGO e!DISPLAY Devices

CVE-2018-12979 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.

Learn more about our User Device Pen Test.