Main Vulnerability Database Exploits ID:6184 - Exploit for Unrestricted upload of file with dangerous type in WAGO products - CVE-2018-12980

ID:6184 - Exploit for Unrestricted upload of file with dangerous type in WAGO products - CVE-2018-12980

Published: June 17, 2021

Vulnerability identifier: #VU13848

Vulnerability risk: Low

CVE-ID: CVE-2018-12980

CWE-ID: CWE-434

Exploitation vector: Remote access

Vulnerable software:
WAGO e!DISPLAY 7300T 762-300
WAGO e!DISPLAY 7300T 762-3002
WAGO e!DISPLAY 7300T 762-3001
WAGO e!DISPLAY 7300T 762-3000

Link to public exploit:

https://www.exploit-db.com/exploits/45014/

Vulnerability description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists due to unrestricted upload of file with dangerous type. A remote attacker can upload arbitrary files to the file system with the permissions of the web server.

Remediation

Update to version 02.

ID:6184 - Exploit for Unrestricted upload of file with dangerous type in WAGO products - CVE-2018-12980

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human