4 matches found
CVE-2025-41663
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations...
CVE-2025-41663
The CVE-2025-41663 entry pertains to the Weidmueller IE-SR-2TX-WL industrial security router. Affected component is the u-link Management API, where an unauthenticated, man‑in‑the‑middle attacker can inject arbitrary commands in responses returned by WWH servers, leading to arbitrary command exec...
CVE-2025-41663 Weidmueller: Security routers IE-SR-2TX are affected by Command Injection
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations...
CVE-2025-41663 Weidmueller: Security routers IE-SR-2TX are affected by Command Injection
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would need to use insecure proxy configurations...