CVE-2021-33537

Click the icon to Follow me:- twitterTelegramRedditDiscord

Summary:

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Reference Links(if available):

  • https://cert.vde.com/en-us/advisories/vde-2021-026
  • CVSS Score (if available)

    v2: / LOW

    v3: /

    Links to Exploits(if available)

  • Available for Amazon Prime