WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability
Description
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection vulnerability in Weidmueller Industrial WLAN devices allows authenticated low-privilege attackers to execute arbitrary commands via a specially crafted diagnostic script file name.
Vulnerability
The vulnerability is a command injection in the iw_webs functionality of Weidmueller Industrial WLAN devices (multiple versions). A specially crafted diagnostic script file name causes user input to be reflected in a subsequent iw_system call, allowing injection of arbitrary commands. The affected versions are not specified beyond "multiple versions" in the advisory.
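An added example, not Weidmueller's code and not taken from the advisory: the general shape of a file name reaching a shell command string, next to a hardened handler that validates the name and avoids the shell. The function names, `SCRIPT_DIR` and the allowlist are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SCRIPT_DIR "/tmp/diag/"  /* assumed location, not from the advisory */
#define ALLOWED "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-"

/* Accept only a plain file name: 1..64 allowlisted characters, no leading
 * '.' or '-'. Shell metacharacters, whitespace and '/' are all rejected. */
int is_safe_script_name(const char *name)
{
    size_t len;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > 64) return 0;
    if (name[0] == '.' || name[0] == '-') return 0;
    return strspn(name, ALLOWED) == len;
}

/* Vulnerable shape, for contrast only (iw_system's real signature is not
 * given in the advisory; system() stands in for it here):
 *     snprintf(cmd, sizeof cmd, "sh " SCRIPT_DIR "%s", name);
 *     system(cmd);            // the shell parses whatever is in name
 */

/* Hardened: validate first, then exec with an argv array so no shell ever
 * parses the name. Returns the exit status, or -1 on rejection or failure. */
int run_diag_script(const char *name)
{
    char path[128];
    pid_t pid;
    int status;

    if (!is_safe_script_name(name)) return -1;
    snprintf(path, sizeof path, "%s%s", SCRIPT_DIR, name);
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "/bin/sh", path, NULL };
        execv("/bin/sh", argv);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The validation runs on the server side before any process is created, so a rejected name never reaches a command interpreter.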
Exploitation
An attacker must be authenticated as a low-privilege user on the device. The attacker sends a specially crafted diagnostic script file name that includes malicious commands. This input is then passed to the iw_system function, which executes the injected commands. No additional user interaction is required beyond the initial authentication.
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the device, leading to full remote control. The attacker can achieve command execution with the privileges of the iw_system call, effectively gaining root-level access to the device. This compromises confidentiality, integrity, and availability.
Mitigation
No fix has been publicly disclosed in the available references. Users should monitor vendor advisories for updates. As a workaround, restrict network access to the device and limit low-privilege user accounts.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: multiple versions
- Weidmüller/IE-WL(T)-BL-AP-CL-XXv5 Range: IE-WL-BL-AP-CL-EU (2536600000)
- Weidmüller/IE-WL(T)-VL-AP-CL-XXv5 Range: IE-WL-VL-AP-BR-CL-EU (2536680000)
Patches
No patches discovered yet.
References
- cert.vde.com/en-us/advisories/vde-2021-026 (mitre, x_refsource_CONFIRM)