An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.
[
{
"product": "WAGO PFC200 Firmware",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "version 03.00.39(12)"
},
{
"status": "affected",
"version": "version 03.01.07(13)"
}
]
},
{
"product": "WAGO PFC100 Firmware",
"vendor": "Wago",
"versions": [
{
"status": "affected",
"version": "version 03.00.39(12)"
}
]
}
]