hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
CPE | Name | Operator | Version |
---|---|---|---|
wyse_device_manager | eq | 4.7.0 | |
wyse_device_manager | eq | 4.7.2 | |
wyse_device_manager | eq | 4.7.1 |