Skip to main content

Ie Wl Bl Ap Cl Eu Firmware CVE-2021-33532

HIGH
OS Command Injection (CWE-78)
2021-06-25 info@cert.vde.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 25, 2021 - 19:15 nvd
HIGH 8.8

DescriptionNVD

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

AnalysisAI

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Affected products include: Weidmueller Ie-Wl-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wl-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wl-Vl-Ap-Br-Cl-Eu Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2021-33538 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists

CVE-2021-33537 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in

CVE-2021-33535 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_

CVE-2021-33533 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33531 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability e

CVE-2021-33530 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in enc

CVE-2021-33528 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in

CVE-2021-33536 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in Ser

CVE-2021-33529 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the servic

CVE-2021-33539 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in

CVE-2021-33534 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

Share

CVE-2021-33532 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy