VYPR
Unrated severity · NVD Advisory · Published Jun 25, 2021 · Updated Sep 16, 2024

WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability

CVE-2021-33528

Description

In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A low-privilege attacker can escape the restricted console to gain root access on Weidmueller Industrial WLAN devices.

Vulnerability

CVE-2021-33528 is a privilege escalation vulnerability in the iw_console functionality of multiple versions of Weidmueller Industrial WLAN devices. A specially crafted menu selection string can cause an escape from the restricted console, leading to system access as the root user [1].

Exploitation

An attacker must be authenticated as a low-privilege user to the device. By sending a specially crafted menu selection string within the iw_console interface, the attacker can trigger an escape from the restricted console environment, thereby executing commands with elevated privileges [1].

Impact

Successful exploitation allows the attacker to gain full system access as the root user, resulting in complete compromise of the device's confidentiality, integrity, and availability [1].

Mitigation

The advisory from CERT VDE recommends updating to the latest firmware version provided by the vendor. The fixed versions are listed in the advisory VDE-2021-026; users should consult the advisory and apply the update promptly. If no update is available for a particular device, workarounds should be implemented according to vendor guidelines [1].

References
  1. Advisories

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Weidmüller/IE-WL(T)-BL-AP-CL-XXv5
    Range: IE-WL-BL-AP-CL-EU (2536600000)
  • Weidmüller/IE-WL(T)-VL-AP-CL-XXv5
    Range: IE-WL-VL-AP-BR-CL-EU (2536680000)
