Skip to main content

Ie Wl Bl Ap Cl Eu Firmware CVE-2021-33538

HIGH
Improper Privilege Management (CWE-269)
2021-06-25 info@cert.vde.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 25, 2021 - 19:15 nvd
HIGH 8.8

DescriptionNVD

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

AnalysisAI

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Affected products include: Weidmueller Ie-Wl-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wl-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wl-Vl-Ap-Br-Cl-Eu Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2021-33537 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in

CVE-2021-33535 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_

CVE-2021-33533 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33532 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33531 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability e

CVE-2021-33530 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in enc

CVE-2021-33528 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in

CVE-2021-33536 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in Ser

CVE-2021-33529 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the servic

CVE-2021-33539 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in

CVE-2021-33534 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

Share

CVE-2021-33538 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy