fkie_nvd - fkie_cve-2021-33537

FKIE_CVE-2021-33537

Vulnerability from fkie_nvd - Published: 2021-06-25 19:15 - Updated: 2024-11-21 06:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

References

	URL	Tags
	info@cert.vde.com	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2021-026	Third Party Advisory

Impacted products

Vendor	Product	Version
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-
weidmueller	ie-wl-bl-ap-cl-eu_firmware	*
weidmueller	ie-wl-bl-ap-cl-eu	-
weidmueller	ie-wlt-bl-ap-cl-eu_firmware	*
weidmueller	ie-wlt-bl-ap-cl-eu	-
weidmueller	ie-wl-bl-ap-cl-us_firmware	*
weidmueller	ie-wl-bl-ap-cl-us	-
weidmueller	ie-wlt-bl-ap-cl-us_firmware	*
weidmueller	ie-wlt-bl-ap-cl-us	-
weidmueller	ie-wl-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-eu	-
weidmueller	ie-wlt-vl-ap-br-cl-eu_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-eu	-
weidmueller	ie-wl-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wl-vl-ap-br-cl-us	-
weidmueller	ie-wlt-vl-ap-br-cl-us_firmware	*
weidmueller	ie-wlt-vl-ap-br-cl-us	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442",
              "versionEndIncluding": "1.16.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7",
              "versionEndIncluding": "1.11.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota explotable en la funcionalidad configuration parsing iw_webs. Una entrada de nombre de usuario especialmente dise\u00f1ada puede causar un desbordamiento de b\u00fafer de mensaje de error, resultando en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-33537",
  "lastModified": "2024-11-21T06:09:02.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-25T19:15:09.503",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

CVE-2021-33537 (GCVE-0-2021-33537)

Vulnerability from cvelistv5 – Published: 2021-06-25 18:26 – Updated: 2024-09-17 02:57

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Overflow

Assigner

CERTVDE

References

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2021-026

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Weidmüller

IE-WL(T)-BL-AP-CL-XX

Affected: IE-WL-BL-AP-CL-EU (2536600000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WLT-BL-AP-CL-EU (2536650000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WL-BL-AP-CL-US (2536660000) , ≤ V1.16.18 (Build 18081617) (custom)
Affected: IE-WLT-BL-AP-CL-US (2536670000) , ≤ V1.16.18 (Build 18081617) (custom)

Weidmüller

IE-WL(T)-VL-AP-CL-XX

Affected: IE-WL-VL-AP-BR-CL-EU (2536680000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WLT-VL-AP-BR-CL-EU (2536690000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WL-VL-AP-BR-CL-US (2536700000) , ≤ V1.11.10 (Build 18122616) (custom)
Affected: IE-WLT-VL-AP-BR-CL-US (2536710000) , ≤ V1.11.10 (Build 18122616) (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IE-WL(T)-BL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-EU (2536600000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-EU (2536650000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WL-BL-AP-CL-US (2536660000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.16.18 (Build 18081617)",
              "status": "affected",
              "version": "IE-WLT-BL-AP-CL-US (2536670000)",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IE-WL(T)-VL-AP-CL-XX",
          "vendor": "Weidm\u00fcller",
          "versions": [
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.11.10 (Build 18122616)",
              "status": "affected",
              "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-25T18:26:01",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
        }
      ],
      "source": {
        "advisory": "VDE-2021-026",
        "defect": [
          "VDE-2021-026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33537",
          "STATE": "PUBLIC",
          "TITLE": "WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IE-WL(T)-BL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-BL-AP-CL-US (2536660000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
                            "version_value": "V1.16.18 (Build 18081617)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IE-WL(T)-VL-AP-CL-XX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
                            "version_value": "V1.11.10 (Build 18122616)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Weidm\u00fcller"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120 Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
          }
        ],
        "source": {
          "advisory": "VDE-2021-026",
          "defect": [
            "VDE-2021-026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33537",
    "datePublished": "2021-06-25T18:26:01.893809Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T02:57:37.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2021-33537

CVE-2021-33537 (GCVE-0-2021-33537)

Tags

Sightings

Nomenclature