CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2021-33529 – WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability
https://notcve.org/view.php?id=CVE-2021-33529
25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. En los dispositivos Weidmueller Industrial WLAN en múltiples versiones, el uso de claves criptográficas embebidas en el binario del agente de servicio permite el descifrado del tráfico capturado a través de la red desde o hacia el dispositivo • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 32EXPL: 0CVE-2021-33528 – WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-33528
25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. En los dispositivos Weidmueller Industrial WLAN en múltiples versiones, se presenta una vulnerabilidad de escalada de pri... • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-710: Improper Adherence to Coding Standards •