Remote Code Execution in PHOENIX CONTACTs WP 6xxx Series Web Panels

Remote Code Execution in PHOENIX CONTACTs WP 6xxx Series Web Panels

CVE-2023-37859 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.

Learn more about our Web App Pen Testing.