CVE-2021-33528
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WL-BL-AP-CL-EU (2536600000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WLT-BL-AP-CL-EU (2536650000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WL-BL-AP-CL-US (2536660000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WLT-BL-AP-CL-US (2536670000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WL-VL-AP-BR-CL-EU (2536680000) <= V1.11.10 (Build 18122616) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WLT-VL-AP-BR-CL-EU (2536690000) <= V1.11.10 (Build 18122616) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WL-VL-AP-BR-CL-US (2536700000) <= V1.11.10 (Build 18122616) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WLT-VL-AP-BR-CL-US (2536710000) <= V1.11.10 (Build 18122616) | affected |
Weaknesses
- CWE-710: CWE-710 Improper Adherence to Coding Standards
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.