WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability
Description
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in Weidmueller Industrial WLAN devices' hostname functionality allows authenticated high-privilege attackers to execute arbitrary system commands, leading to full device compromise.
Vulnerability
A command injection vulnerability exists in the hostname functionality of multiple versions of Weidmueller Industrial WLAN devices. The vulnerability is documented in VDE advisory [1]. An attacker who is authenticated as a high-privilege user can inject arbitrary system commands by providing a specially crafted entry to network configuration information. The affected versions include various models and firmware versions, as noted in the advisory.
Exploitation
To exploit this vulnerability, an attacker must have network access to the device and be authenticated with high-privilege credentials. The attacker then sends a crafted request to modify the network configuration, specifically the hostname field, which is not properly sanitized. This triggers command injection, allowing the attacker to execute arbitrary system commands on the device.
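One way a device's configuration interface could guard a hostname field like the one described above, shown as an added example that is not Weidmueller's code and not part of the advisory: an RFC 1123 allowlist check, with the value then passed as a single argv element rather than through a shell. The `/bin/hostname` helper path, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# RFC 1123 label: 1-63 chars of letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
MAX_HOSTNAME_LEN = 253


def validate_hostname(value):
    """Return the hostname unchanged if RFC 1123 compliant, else raise ValueError."""
    if not isinstance(value, str) or not value:
        raise ValueError("hostname must be a non-empty string")
    if len(value) > MAX_HOSTNAME_LEN:
        raise ValueError("hostname too long")
    for label in value.split("."):
        # fullmatch anchors both ends, so a trailing newline cannot slip through
        # the way it can with a '$'-terminated pattern.
        if not _LABEL.fullmatch(label):
            raise ValueError("invalid hostname label: %r" % label)
    return value


def hostname_argv(value):
    """Build an argument vector for a hypothetical hostname helper (assumed path).

    The value stays one argv element and is never interpolated into a shell
    string, so metacharacters would have no meaning even if validation regressed.
    """
    return ["/bin/hostname", validate_hostname(value)]


# Constructed sample inputs: two ordinary names, then values a hostname field must refuse.
SAMPLES = ["ap-line3", "wlan01.plant.example", "ap;id", "ap$(id)", "ap`id`",
           "ap name", "-ap", "ap\n", "a" * 64, "host."]


def classify(samples):
    """Map each sample to 'accepted' or 'rejected'."""
    results = {}
    for s in samples:
        try:
            validate_hostname(s)
            results[s] = "accepted"
        except ValueError:
            results[s] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print("%-26r %s" % (name, verdict))
```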
Impact
Successful exploitation grants the attacker full control of the device. This includes the ability to execute arbitrary commands with system-level privileges, leading to complete compromise of confidentiality, integrity, and availability of the device and potentially the network it serves.
Mitigation
As of the publication date (2021-06-25), no specific fix version has been disclosed in the available references. Users are advised to contact Weidmueller for updated firmware or apply network segmentation and access controls to limit exposure. The device may be listed in CISA's Known Exploited Vulnerabilities catalog if applicable; check for updates.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Weidmüller/IE-WL(T)-BL-AP-CL-XX v5 Range: IE-WL-BL-AP-CL-EU (2536600000)
- Weidmüller/IE-WL(T)-VL-AP-CL-XX v5 Range: IE-WL-VL-AP-BR-CL-EU (2536680000)
Patches
No patches discovered yet.
References
- [1] cert.vde.com/en-us/advisories/vde-2021-026 (mitre, x_refsource_CONFIRM)