CVE-2021-33532

CVE-2021-33532

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Source: CVE-2021-33532

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다