PT-2012-1270 · Dell · Wyse Device Manager

Kevin Finisterre · Published 2012-06-19 · Updated 2012-06-26 · CVE-2009-0695

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Wyse Device Manager (WDM) versions 4.7.x

Description

The issue allows remote attackers to obtain management access without requiring authentication for commands. This can be achieved by sending a crafted query, such as a V52 query, which can trigger actions like powering off the device.

Recommendations

For Wyse Device Manager (WDM) versions 4.7.x, consider restricting access to the hagent.exe component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to send crafted queries to the affected system.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2009-0695

Affected Products

Wyse Device Manager