mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
37d158912b
CVE-2021-33528, CVE-2021-33529, CVE-2021-33530, CVE-2021-33531, CVE-2021-33532, CVE-2021-33533, CVE-2021-33534, CVE-2021-33535, CVE-2021-33536, CVE-2021-33537, CVE-2021-33538, CVE-2021-33539 from VDE-2021-026
140 lines
6.0 KiB
JSON
140 lines
6.0 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "info@cert.vde.com",
|
|
"DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
|
|
"ID": "CVE-2021-33537",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "IE-WL(T)-BL-AP-CL-XX",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
|
|
"version_value": "V1.16.18 (Build 18081617)"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
|
|
"version_value": "V1.16.18 (Build 18081617)"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WL-BL-AP-CL-US (2536660000)",
|
|
"version_value": "V1.16.18 (Build 18081617)"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
|
|
"version_value": "V1.16.18 (Build 18081617)"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "IE-WL(T)-VL-AP-CL-XX",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
|
|
"version_value": "V1.11.10 (Build 18122616)"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
|
|
"version_value": "V1.11.10 (Build 18122616)"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
|
|
"version_value": "V1.11.10 (Build 18122616)"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
|
|
"version_value": "V1.11.10 (Build 18122616)"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Weidmüller"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-120 Buffer Overflow"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "VDE-2021-026",
|
|
"defect": [
|
|
"VDE-2021-026"
|
|
],
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
} |