An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.
An unauthenticated attacker gains access to a hidden function in the device's CLI interface, classified as CWE-912 (Hidden Functionality). This function enables escape from the restricted CLI environment (restricted interface escape), leading to complete compromise of device security. The attack is possible remotely over the network, without user interaction, and without requiring any privileges.
An attacker can gain full control over the device, including access to sensitive data, ability to modify configuration, and disrupt its operation — which corresponds to maximum confidentiality, integrity, and availability scores in the CVSS vector.
Patches available from the manufacturer should be applied according to references — detailed information available at https://certvde.com/de/advisories/VDE-2026-020
Versions indicated in manufacturer references (products unknown based on available metadata — details in VDE-2026-020 advisory at certvde.com)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H