Root Privilege Escalation via Specially Crafted HTTP POST in PHOENIX CONTACT's WP 6xxx Series Web Panels

CVE-2023-37861 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In PHOENIX CONTACT's WP 6xxx series web panels, in versions prior to 4.0.10, an authenticated remote attacker can execute code with root permissions by sending a specially crafted HTTP POST when uploading a certificate to the device.
