CVE-2021-33533

Name of the Vulnerable Software and Affected Versions Weidmueller Industrial WLAN devices (affected versions not specified)

Description A command injection issue exists in the iw webs functionality, allowing an attacker to gain remote control over the device. This can be triggered by a specially crafted iw serverip parameter, which causes user input to be reflected in a subsequent iw system call. An attacker can exploit this issue while authenticated as a low-privilege user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.