CVE-2023-3572

CRITICAL Year: 2023
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-78
View all →

Vulnerability Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.

Related Vulnerabilities

CVE-2017-1253

CRITICAL
CVSS:9.9(Critical)

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability...

CWE-782017

CVE-2017-2866

CRITICAL
CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP req...

CWE-782017

CVE-2017-2890

CRITICAL
CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attac...

CWE-782017

CVE-2017-2917

CRITICAL
CVSS:9.9(Critical)

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker ca...

CWE-782017

CVE-2017-7175

CRITICAL
CVSS:9.9(Critical)

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

CWE-782017

CVE-2017-8220

CRITICAL
CVSS:9.9(Critical)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP PO...

CWE-782017