CVSS: 8.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Jun 2025 — An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated privileges. • https://certvde.com/en/advisories/VDE-2025-052 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Jun 2025 — An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint event_mail_test). • https://certvde.com/en/advisories/VDE-2025-052 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Jun 2025 — An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint tls_iotgen_setting). • https://certvde.com/en/advisories/VDE-2025-052 • CWE-352: Cross-Site Request Forgery (CSRF)