WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability
Description
In multiple versions of Weidmueller Industrial WLAN devices, an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low-privilege user to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Hard-coded encryption password in Weidmueller Industrial WLAN devices allows low-privileged users to create custom diagnostic scripts.
Vulnerability
An exploitable use of hard-coded credentials exists in multiple iw_* utilities in Weidmueller Industrial WLAN devices across multiple versions. The operating system contains an undocumented encryption password, enabling the creation of custom diagnostic scripts. [1]
Exploitation
An attacker must first authenticate as a low-privilege user. Once authenticated, they can use the hard-coded encryption password to create custom diagnostic scripts and send them to the device. [1]
Impact
Successful exploitation allows an attacker to create custom diagnostic scripts, potentially leading to unauthorized actions or further compromise of the device. The exact impact is not fully detailed in available references, but the use of hard-coded credentials could allow privilege escalation. [1]
Mitigation
No mitigation has been disclosed in the available references. Users should consult the vendor advisory for updates. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Weidmüller/IE-WL(T)-BL-AP-CL-XX v5, Range: IE-WL-BL-AP-CL-EU (2536600000)
- Weidmüller/IE-WL(T)-VL-AP-CL-XX v5, Range: IE-WL-VL-AP-BR-CL-EU (2536680000)
Patches
No patches discovered yet.
References
1. cert.vde.com/en-us/advisories/vde-2021-026 (mitre, x_refsource_CONFIRM)