PT-2026-7082 · Wago · Wago 0852-1322

Diconium · Published 2026-02-09 · Updated 2026-03-22 · CVE-2026-22904

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

lighttpd (affected versions not specified)
WAGO 0852-1322 (affected versions not specified)

Description

An issue exists where improper length handling during the parsing of multiple cookie fields, including the TRACKID field, can allow an unauthenticated remote attacker to send oversized cookie values. This can trigger a stack buffer overflow, potentially leading to a denial-of-service condition and possible remote code execution. The vulnerability affects devices that process cookies without proper size validation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
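
The size validation the description says is missing, sketched as an added example in C; it is not code from lighttpd, WAGO or this advisory. The function names, return codes and the 64-byte buffer size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Added example: all names, codes and the 64-byte limit are assumptions. */
#define FIELD_MAX 64   /* assumed capacity of the destination stack buffer */

enum { COOKIE_OK = 0, COOKIE_MISSING = -1, COOKIE_TOO_LONG = -2 };

/* Copy the value of cookie field `name` from a Cookie header value such as
 * "a=1; TRACKID=abc; b=2" into out[out_sz]. The value length is measured and
 * checked BEFORE the copy, so an oversized value is rejected instead of
 * overrunning the caller's buffer. Oversized values are never truncated. */
int cookie_get(const char *hdr, const char *name, char *out, size_t out_sz)
{
    size_t nlen = strlen(name);
    const char *p = hdr;

    if (out_sz == 0) return COOKIE_TOO_LONG;
    out[0] = '\0';

    while (*p) {
        while (*p == ' ' || *p == ';') p++;            /* skip separators */
        const char *end = strchr(p, ';');
        if (!end) end = p + strlen(p);                 /* last name=value pair */
        const char *eq = memchr(p, '=', (size_t)(end - p));

        /* exact name match only: "XTRACKID" must not match "TRACKID" */
        if (eq && (size_t)(eq - p) == nlen && memcmp(p, name, nlen) == 0) {
            size_t vlen = (size_t)(end - (eq + 1));
            if (vlen >= out_sz) return COOKIE_TOO_LONG; /* no room for NUL */
            memcpy(out, eq + 1, vlen);
            out[vlen] = '\0';
            return COOKIE_OK;
        }
        p = end;
    }
    return COOKIE_MISSING;
}

/* Typical call site: a fixed-size stack buffer guarded by the check above. */
int trackid_status(const char *hdr)
{
    char trackid[FIELD_MAX];
    return cookie_get(hdr, "TRACKID", trackid, sizeof trackid);
}
```

A request handler would answer `COOKIE_TOO_LONG` with an HTTP 400 and log the source, which also gives monitoring a signal for oversized cookie probes.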

DoS

RCE

Stack Overflow

Weakness Enumeration

Related identifiers

CVE-2026-22904

Affected products

Wago 0852-1322