Skip to main content

Ie Wl Bl Ap Cl Eu Firmware CVE-2021-33539

HIGH
Improper Authentication (CWE-287)
2021-06-25 info@cert.vde.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 25, 2021 - 19:15 nvd
HIGH 7.2

DescriptionNVD

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.

AnalysisAI

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. Affected products include: Weidmueller Ie-Wl-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Eu Firmware, Weidmueller Ie-Wl-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wlt-Bl-Ap-Cl-Us Firmware, Weidmueller Ie-Wl-Vl-Ap-Br-Cl-Eu Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2021-33538 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists

CVE-2021-33537 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in

CVE-2021-33535 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_

CVE-2021-33533 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33532 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

CVE-2021-33531 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability e

CVE-2021-33530 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in enc

CVE-2021-33528 HIGH
8.8 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in

CVE-2021-33536 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in Ser

CVE-2021-33529 HIGH
7.5 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the servic

CVE-2021-33534 HIGH
7.2 Jun 25

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the

Share

CVE-2021-33539 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy