CRITICAL🇵🇱 Wersja polska

CVE-2026-3587

CVSS 10.0v3.1pub. 2026-03-23upd. 2026-03-24

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

🤖 AI Analysis
How it works

An unauthenticated attacker gains access to a hidden function in the device's CLI interface, classified as CWE-912 (Hidden Functionality). This function enables escape from the restricted CLI environment (restricted interface escape), leading to complete compromise of device security. The attack is possible remotely over the network, without user interaction, and without requiring any privileges.

Impact

An attacker can gain full control over the device, including access to sensitive data, ability to modify configuration, and disrupt its operation — which corresponds to maximum confidentiality, integrity, and availability scores in the CVSS vector.

Mitigation & patch

Patches available from the manufacturer should be applied according to references — detailed information available at https://certvde.com/de/advisories/VDE-2026-020

Who is affected

Versions indicated in manufacturer references (products unknown based on available metadata — details in VDE-2026-020 advisory at certvde.com)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References