
CVSS: 7.2 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-287: Improper Authentication

CVSS: 9.0 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-269: Improper Privilege Management

CVSS: 8.8 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.5 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-191: Integer Underflow (Wrap or Wraparound)

CVSS: 8.8 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-134: Use of Externally-Controlled Format String

CVSS: 9.0 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-798: Use of Hard-coded Credentials

CVSS: 9.0 • EPSS: 0% • CPEs: 32 • EXPL: 0

25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')