VYPR
Unrated severity · NVD Advisory · Published Jun 25, 2021 · Updated Sep 17, 2024

WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability

CVE-2021-33530

Description

In multiple versions of Weidmueller Industrial WLAN devices, an exploitable command injection vulnerability exists in the devices' encrypted diagnostic script functionality. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send a diagnostic script while authenticated as a low-privilege user to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Command injection in Weidmueller Industrial WLAN devices allows authenticated low-privilege users to execute arbitrary commands via crafted diagnostic scripts.

Vulnerability

In Weidmueller Industrial WLAN devices across multiple versions, an exploitable command injection vulnerability exists in the encrypted diagnostic script functionality. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed. The affected versions are not explicitly enumerated in the available references, but the vulnerability is present in multiple device versions.

Exploitation

An attacker must be authenticated as a low-privilege user to the device. The attacker then sends a specially crafted diagnostic script file, which is processed by the device's encrypted diagnostic script functionality. This triggers the injection of arbitrary busybox commands, leading to remote control over the device.

Impact

Successful exploitation allows the attacker to execute arbitrary busybox commands on the device, resulting in full remote control. This compromises the confidentiality, integrity, and availability of the device and potentially the network it is connected to.

Mitigation

No fix or workaround is disclosed in the available references. Users are advised to monitor vendor advisories for updates. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Weidmüller/IE-WL(T)-BL-AP-CL-XXv5
    Range: IE-WL-BL-AP-CL-EU (2536600000)
  • Weidmüller/IE-WL(T)-VL-AP-CL-XXv5
    Range: IE-WL-VL-AP-BR-CL-EU (2536680000)

Patches

No patches discovered yet.
