CVE-2026-5416

Summary

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.

Affected Software

VendorProductVersion RangeStatus
TURCKTBEN-LL-SE-M20.0.0 <= 2.0.6.0affected
TURCKTBEN-L4-SE-M20.0.0 <= 2.0.6.0affected
TURCKTBEN-L5-SE-M20.0.0 <= 2.0.6.0affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References