PT-2021-20185 · Weidmueller · Weidmueller Industrial Wlan

Published 2021-06-25 · Updated 2022-10-25 · CVE-2021-33538

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Weidmueller Industrial WLAN devices (affected versions not specified)

Description

The issue concerns an improper access control vulnerability in the account settings functionality of the device. Specifically, it affects the iw webs account settings. A specially crafted username entry can lead to the overwrite of an existing user account password, allowing remote shell access to the device as that user. An attacker, authenticated as a low-privilege user, can trigger this issue by sending specific commands.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2021-33538

Affected Products

Weidmueller Industrial Wlan