Improper access control

2021-06-2519:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CPENameOperatorVersion
ie-wl-bl-ap-cl-eu_firmwarele1.16.18
ie-wl-bl-ap-cl-eu_firmwarele1.11.10
ie-wl-bl-ap-cl-us_firmwarele1.16.18
ie-wl-bl-ap-cl-us_firmwarele1.11.10
ie-wl-vl-ap-br-cl-eu_firmwarele1.16.18
ie-wl-vl-ap-br-cl-eu_firmwarele1.11.10
ie-wl-vl-ap-br-cl-us_firmwarele1.16.18
ie-wl-vl-ap-br-cl-us_firmwarele1.11.10
ie-wlt-bl-ap-cl-eu_firmwarele1.16.18
ie-wlt-bl-ap-cl-eu_firmwarele1.11.10

Name	Operator	Version
ie-wl-bl-ap-cl-eu_firmware	le	1.16.18
ie-wl-bl-ap-cl-eu_firmware	le	1.11.10
ie-wl-bl-ap-cl-us_firmware	le	1.16.18
ie-wl-bl-ap-cl-us_firmware	le	1.11.10
ie-wl-vl-ap-br-cl-eu_firmware	le	1.16.18
ie-wl-vl-ap-br-cl-eu_firmware	le	1.11.10
ie-wl-vl-ap-br-cl-us_firmware	le	1.16.18
ie-wl-vl-ap-br-cl-us_firmware	le	1.11.10
ie-wlt-bl-ap-cl-eu_firmware	le	1.16.18
ie-wlt-bl-ap-cl-eu_firmware	le	1.11.10

Rows per page:

1-10 of 161

References

cert.vde.com/en-us/advisories/vde-2021-026