CVE-2026-0647
HighCVSS 8.8Summary
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint.
Risk Assessment
If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.
Recommendation
It is recommended to secure access to the web server by implementing appropriate authentication mechanisms and monitoring network traffic for unauthorized access attempts.
Original NVD description (English source)
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication being required. If exploited, this could lead to unauthorized access, account takeover, and loss of the device’s embedded web server’s availability.

