WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability
Description
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can trigger an integer underflow in Weidmueller Industrial WLAN devices' ServiceAgent, causing a denial-of-service via a crafted packet.
Vulnerability
An exploitable denial-of-service vulnerability exists in the ServiceAgent functionality of multiple versions of Weidmueller Industrial WLAN devices. A specially crafted network packet can cause an integer underflow, which triggers a large memcpy operation that accesses unmapped or out-of-bounds memory. The vulnerable code path is reachable without authentication [1].
Exploitation
An attacker can send a specially crafted packet to the affected device over the network without any prior authentication. No special network position or user interaction is required. The packet causes an integer underflow in the ServiceAgent, leading to a large memcpy that reads from or writes to unmapped or out-of-bounds memory [1].
Impact
Successful exploitation results in a denial-of-service condition, as the memory access violation crashes the service or the device itself. The attacker does not gain code execution or data access; the impact is limited to availability [1].
Mitigation
The advisory from VDE (VDE-2021-026) does not disclose a fixed version or release date at the time of publication. Users should monitor the vendor's security advisories for updates. No workarounds are provided in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Weidmüller/IE-WL(T)-BL-AP-CL-XXv5Range: IE-WL-BL-AP-CL-EU (2536600000)
- Weidmüller/IE-WL(T)-VL-AP-CL-XXv5Range: IE-WL-VL-AP-BR-CL-EU (2536680000)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- cert.vde.com/en-us/advisories/vde-2021-026mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.