{"containers": {"cna": {"affected": [{"product": "IE-WL(T)-BL-AP-CL-XX", "vendor": "Weidm\u00fcller", "versions": [{"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WL-BL-AP-CL-EU (2536600000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WLT-BL-AP-CL-EU (2536650000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WL-BL-AP-CL-US (2536660000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.16.18 (Build 18081617)", "status": "affected", "version": "IE-WLT-BL-AP-CL-US (2536670000)", "versionType": "custom"}]}, {"product": "IE-WL(T)-VL-AP-CL-XX", "vendor": "Weidm\u00fcller", "versions": [{"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WL-VL-AP-BR-CL-EU (2536680000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WL-VL-AP-BR-CL-US (2536700000)", "versionType": "custom"}, {"lessThanOrEqual": "V1.11.10 (Build 18122616)", "status": "affected", "version": "IE-WLT-VL-AP-BR-CL-US (2536710000)", "versionType": "custom"}]}], "datePublic": "2021-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-25T18:26:01", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}], "solutions": [{"lang": "en", "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."}], "source": {"advisory": "VDE-2021-026", "defect": ["VDE-2021-026"], "discovery": "EXTERNAL"}, "title": "WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-06-23T10:00:00.000Z", "ID": "CVE-2021-33537", "STATE": "PUBLIC", "TITLE": "WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IE-WL(T)-BL-AP-CL-XX", "version": {"version_data": [{"version_affected": "<=", "version_name": "IE-WL-BL-AP-CL-EU (2536600000)", "version_value": "V1.16.18 (Build 18081617)"}, {"version_affected": "<=", "version_name": "IE-WLT-BL-AP-CL-EU (2536650000)", "version_value": "V1.16.18 (Build 18081617)"}, {"version_affected": "<=", "version_name": "IE-WL-BL-AP-CL-US (2536660000)", "version_value": "V1.16.18 (Build 18081617)"}, {"version_affected": "<=", "version_name": "IE-WLT-BL-AP-CL-US (2536670000)", "version_value": "V1.16.18 (Build 18081617)"}]}}, {"product_name": "IE-WL(T)-VL-AP-CL-XX", "version": {"version_data": [{"version_affected": "<=", "version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)", "version_value": "V1.11.10 (Build 18122616)"}, {"version_affected": "<=", "version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)", "version_value": "V1.11.10 (Build 18122616)"}, {"version_affected": "<=", "version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)", "version_value": "V1.11.10 (Build 18122616)"}, {"version_affected": "<=", "version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)", "version_value": "V1.11.10 (Build 18122616)"}]}}]}, "vendor_name": "Weidm\u00fcller"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-026", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}]}, "solution": [{"lang": "en", "value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."}], "source": {"advisory": "VDE-2021-026", "defect": ["VDE-2021-026"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:50:42.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-33537", "datePublished": "2021-06-25T18:26:01.893809Z", "dateReserved": "2021-05-24T00:00:00", "dateUpdated": "2024-09-17T02:57:37.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E409B45-BF28-41AD-B3A7-656FBAF9597D", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F26A4C-FDBA-48A8-AC05-1A779F0051F3", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C589467-C35D-43E8-AE06-9C0541DF2190", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E1B5E87-7D1E-45FD-894C-31167B80BEB1", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C2C095A-F606-4A7A-9836-EAA17A648E50", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE71A6A8-3E2A-4EC3-A719-0AC48B99C1F5", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C171799A-4FEE-43F4-A7EE-8B1A52828FF7", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF79779D-863D-4B8B-A4B4-BFD0F3528442", "versionEndIncluding": "1.16.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6210516-CB15-4099-B91E-63AE16C71B17", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "26A4612B-2370-42CA-8EC4-5C74382ABDA6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA154861-7D17-4FF1-8326-6B01B1E4A624", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC895FDA-C846-4885-AADB-DED6EC868C3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E865089B-638A-491A-9527-EB1A21C9A3D9", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D7BBC3-6F43-47B5-81E2-431C8837BB3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-bl-ap-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A3DCCA5-38A5-4661-8EA5-5DB21C92DA56", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-bl-ap-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D38EC42-5C2E-4ACE-88A1-2890632E51DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B455D775-9B0E-4DCF-BDA6-0861F5C34362", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "17790AD1-5DE3-47F4-A16C-67C7DFE56128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE88298B-D13E-4B19-8C77-15FB57FC4A9A", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "23E4AE7D-CA1F-45FC-9D8F-725E71832D2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wl-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D71C498-B58B-4FDC-AA9F-508D61F03E8B", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wl-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DED5CF2-3B42-4D92-9647-AC54D07C6B20", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weidmueller:ie-wlt-vl-ap-br-cl-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "16DA2FEB-D762-44C1-9C45-3FC6017CE1D7", "versionEndIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weidmueller:ie-wlt-vl-ap-br-cl-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "1209D9A9-D6AA-44C3-AD34-18C145851D5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."}, {"lang": "es", "value": "En los dispositivos Weidmueller Industrial WLAN en m\u00faltiples versiones, se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota explotable en la funcionalidad configuration parsing iw_webs. Una entrada de nombre de usuario especialmente dise\u00f1ada puede causar un desbordamiento de b\u00fafer de mensaje de error, resultando en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede enviar comandos mientras est\u00e1 autenticado como un usuario poco privilegiado para desencadenar esta vulnerabilidad"}], "id": "CVE-2021-33537", "lastModified": "2021-07-27T20:53:07.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2021-06-25T19:15:09.503", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-026"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}