CVE-2025-41732
EUVD-2025-20241410.12.2025, 11:15
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| wago | 0852-1328_firmware | 𝑥 < 02.64 |
| wago | 0852-1322_firmware | 𝑥 < 02.64 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.