cve/2021/CVE-2021-33537.md

CVE-2021-33537

Description

In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

POC

Reference

• https://cert.vde.com/en-us/advisories/vde-2021-026

Github

No PoCs found on GitHub currently.