In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeidmueller Ie Wl Bl Ap Cl Eu
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wl Bl Ap Cl Eu Firmware
OSWeidmueller≤ 1.11.10≤ 1.16.18Weidmueller Ie Wl Bl Ap Cl Us
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wl Bl Ap Cl Us Firmware
OSWeidmueller≤ 1.11.10≤ 1.16.18Weidmueller Ie Wlt Bl Ap Cl Eu
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wlt Bl Ap Cl Eu Firmware
OSWeidmueller≤ 1.16.18≤ 1.11.10Weidmueller Ie Wlt Bl Ap Cl Us
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wlt Bl Ap Cl Us Firmware
OSWeidmueller≤ 1.11.10≤ 1.16.18Weidmueller Ie Wlt Vl Ap Br Cl Eu
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wlt Vl Ap Br Cl Eu Firmware
OSWeidmueller≤ 1.11.10≤ 1.16.18Weidmueller Ie Wlt Vl Ap Br Cl Us
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wlt Vl Ap Br Cl Us Firmware
OSWeidmueller≤ 1.11.10≤ 1.16.18Weidmueller Ie Wl Vl Ap Br Cl Eu
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wl Vl Ap Br Cl Eu Firmware
OSWeidmueller≤ 1.11.10≤ 1.16.18Weidmueller Ie Wl Vl Ap Br Cl Us
HWWeidmuellerwszystkie wersjeWeidmueller Ie Wl Vl Ap Br Cl Us Firmware
OSWeidmueller≤ 1.16.18≤ 1.11.10
Related vulnerabilities
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within ...
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exi...
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulne...
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exi...
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability ...