CVE-2021-33531
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WL-BL-AP-CL-EU (2536600000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WLT-BL-AP-CL-EU (2536650000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WL-BL-AP-CL-US (2536660000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-BL-AP-CL-XX | IE-WLT-BL-AP-CL-US (2536670000) <= V1.16.18 (Build 18081617) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WL-VL-AP-BR-CL-EU (2536680000) <= V1.11.10 (Build 18122616) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WLT-VL-AP-BR-CL-EU (2536690000) <= V1.11.10 (Build 18122616) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WL-VL-AP-BR-CL-US (2536700000) <= V1.11.10 (Build 18122616) | affected |
| Weidmüller | IE-WL(T)-VL-AP-CL-XX | IE-WLT-VL-AP-BR-CL-US (2536710000) <= V1.11.10 (Build 18122616) | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.