WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability
Description
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of Weidmueller Industrial WLAN devices in multiple versions. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low-privilege user to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated low-privilege users can trigger a buffer overflow in Weidmueller Industrial WLAN devices' iw_webs configuration parser, leading to remote code execution.
Vulnerability
In Weidmueller Industrial WLAN devices (multiple versions), the iw_webs configuration parsing functionality contains a buffer overflow vulnerability. A specially crafted user name entry can cause an overflow of an error message buffer, leading to remote code execution [1]. The affected versions are not explicitly listed in the available reference, but the advisory covers multiple versions.
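The bug class described above, as an added C example: this is not Weidmueller's code and is not taken from the advisory, and the buffer size, message text, length limit and function names are all assumptions. It sets an unbounded write into an error buffer beside a bounded one that detects truncation, plus a length and character check on the user name.

```c
#include <stdio.h>
#include <string.h>
#define ERR_BUF_LEN 64   /* assumed size; the advisory does not state the real one */
#define USER_MAX_LEN 32  /* assumed policy limit for user names */

/* Vulnerable pattern, shown for contrast and never called here: the length of
 * the user-supplied name is not checked against the size of err. */
void format_error_unbounded(char *err, const char *user)
{
    sprintf(err, "invalid user name '%s'", user);
}

/* Hardened form: bounded write with truncation detection.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on bad arguments. */
int format_error_bounded(char *err, size_t err_len, const char *user)
{
    if (err == NULL || err_len == 0 || user == NULL)
        return -1;
    err[0] = '\0';
    int n = snprintf(err, err_len, "invalid user name '%s'", user);
    if (n < 0)
        return -1;
    if ((size_t)n >= err_len) {
        if (err_len >= 4)
            memcpy(err + err_len - 4, "...", 4);  /* mark the cut, keep the NUL */
        return 1;
    }
    return 0;
}

/* Reject empty, over-long or non-printable names before any formatter sees them. */
int user_name_acceptable(const char *user)
{
    if (user == NULL || user[0] == '\0')
        return 0;
    for (size_t i = 0; user[i] != '\0'; i++) {
        unsigned char c = (unsigned char)user[i];
        if (i >= USER_MAX_LEN || c < 0x21 || c > 0x7e)
            return 0;
    }
    return 1;
}

int main(void)
{
    char err[ERR_BUF_LEN], name[301] = {0};
    memset(name, 'A', 300);  /* constructed over-long input */
    int rc = format_error_bounded(err, sizeof err, name);
    printf("rc=%d accepted=%d msg=%s\n", rc, user_name_acceptable(name), err);
}
```

A return value of 1 from the bounded formatter is worth logging on its own, since a user name long enough to truncate an error message is unusual input for a configuration interface.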
Exploitation
An attacker must first authenticate as a low-privilege user to the device. Once authenticated, the attacker can send a specially crafted user name entry during configuration parsing. This triggers a buffer overflow in the error message buffer, allowing the attacker to execute arbitrary code [1].
Impact
Successful exploitation results in remote code execution with the privileges of the affected process. The attacker can gain full control over the device, potentially leading to complete compromise of confidentiality, integrity, and availability.
Mitigation
As of the publication date (2021-06-25), no specific fix version or workaround has been disclosed in the available reference [1]. Users are advised to monitor the vendor's advisory for updates and apply patches when available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Weidmüller/IE-WL(T)-BL-AP-CL-XX v5 Range: IE-WL-BL-AP-CL-EU (2536600000)
- Weidmüller/IE-WL(T)-VL-AP-CL-XX v5 Range: IE-WL-VL-AP-BR-CL-EU (2536680000)
Patches
No patches discovered yet.
References
- [1] cert.vde.com/en-us/advisories/vde-2021-026 (mitre, x_refsource_CONFIRM)