CVE-2021-33537

June 30, 2021

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Summary:

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Reference Links(if available):

  • https://cert.vde.com/en-us/advisories/vde-2021-026

  • CVSS Score (if available)

    v2: / LOW

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    hkcert

    Palo Alto Products Remote Code Execution Vulnerability

    April 19, 2024
    HIBP Banner 1

    Le Slip Français – 1,495,127 breached accounts

    April 19, 2024
    CISA Logo

    CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

    April 19, 2024
    CISA Logo

    CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    April 19, 2024
    CISA Logo

    CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

    April 19, 2024