VYPR
Unrated severity · NVD Advisory · Published Jun 25, 2021 · Updated Sep 16, 2024

WEIDMUELLER: WLAN devices affected by improper access control vulnerability

CVE-2021-33538

Description

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper access control in Weidmueller Industrial WLAN devices allows low-privilege users to overwrite account passwords, enabling remote shell access.

Vulnerability

In Weidmueller Industrial WLAN devices (multiple versions), the iw_webs account settings functionality contains an improper access control vulnerability. A specially crafted user name entry can cause the overwrite of an existing user account password. This allows an attacker to gain remote shell access as that user. The description does not list the affected versions explicitly; it states only that multiple versions are affected.

Exploitation

An attacker must be authenticated as a low-privilege user on the device. They can then send commands that provide a crafted user name to the account settings functionality, which triggers the vulnerability. No additional network position or user interaction is required beyond authentication.

Impact

Successful exploitation results in the overwrite of an existing user account password, granting the attacker remote shell access to the device as that user. The attacker gains the privileges of the overwritten user, potentially leading to full device compromise.

Mitigation

Not yet disclosed in the available references [1]. Users should monitor vendor advisories for updates.

References
  1. Advisories

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Weidmüller/IE-WL(T)-BL-AP-CL-XXv5
    Range: IE-WL-BL-AP-CL-EU (2536600000)
  • Weidmüller/IE-WL(T)-VL-AP-CL-XXv5
    Range: IE-WL-VL-AP-BR-CL-EU (2536680000)

Patches

0

No patches discovered yet.
