CVEs-PoC/2021/CVE-2021-33532.md

CVE-2021-33532

Description

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

POC

Reference

• https://cert.vde.com/en-us/advisories/vde-2021-026

Github

No PoCs found on GitHub currently.