CVE-2025-41684

Summary

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).

Affected Software

VendorProductVersion RangeStatus
WeidmuellerIE-SR-2TX-WLV0.0 < V1.49affected
WeidmuellerIE-SR-2TX-WL-4G-EUV0.0 < V1.62affected
WeidmuellerIE-SR-2TX-WL-4G-US-VV0.0 < V1.62affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References