First published: Wed Jun 23 2021(Updated: )
In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Weidmueller Ie-wl-bl-ap-cl-eu Firmware | <=1.16.18 | |
Weidmueller Ie-wl-bl-ap-cl-eu | ||
Weidmueller Ie-wlt-bl-ap-cl-eu Firmware | <=1.16.18 | |
Weidmueller Ie-wlt-bl-ap-cl-eu | ||
Weidmueller Ie-wl-bl-ap-cl-us Firmware | <=1.16.18 | |
Weidmueller Ie-wl-bl-ap-cl-us | ||
Weidmueller Ie-wlt-bl-ap-cl-us Firmware | <=1.16.18 | |
Weidmueller Ie-wlt-bl-ap-cl-us | ||
Weidmueller Ie-wl-vl-ap-br-cl-eu Firmware | <=1.16.18 | |
Weidmueller Ie-wl-vl-ap-br-cl-eu | ||
Weidmueller Ie-wlt-vl-ap-br-cl-eu Firmware | <=1.16.18 | |
Weidmueller Ie-wlt-vl-ap-br-cl-eu | ||
Weidmueller Ie-wl-vl-ap-br-cl-us Firmware | <=1.16.18 | |
Weidmueller Ie-wl-vl-ap-br-cl-us | ||
Weidmueller Ie-wlt-vl-ap-br-cl-us Firmware | <=1.16.18 | |
Weidmueller Ie-wlt-vl-ap-br-cl-us | ||
Weidmueller Ie-wl-bl-ap-cl-eu Firmware | <=1.11.10 | |
Weidmueller Ie-wlt-bl-ap-cl-eu Firmware | <=v1.11.10 | |
Weidmueller Ie-wl-bl-ap-cl-us Firmware | <=1.11.10 | |
Weidmueller Ie-wlt-bl-ap-cl-us Firmware | <=1.11.10 | |
Weidmueller Ie-wl-vl-ap-br-cl-eu Firmware | <=1.11.10 | |
Weidmueller Ie-wlt-vl-ap-br-cl-eu Firmware | <=1.11.10 | |
Weidmueller Ie-wl-vl-ap-br-cl-us Firmware | <=1.11.10 | |
Weidmueller Ie-wlt-vl-ap-br-cl-us Firmware | <=1.11.10 |
For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed. For IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33539 is a vulnerability in Weidmueller Industrial WLAN devices that allows an authentication bypass through hostname processing.
CVE-2021-33539 has a severity rating of 7.2 (high).
CVE-2021-33539 affects multiple versions of Weidmueller Industrial WLAN devices, allowing an attacker to bypass web authentication.
To fix CVE-2021-33539, users should apply the latest firmware update provided by Weidmueller.
More information about CVE-2021-33539 can be found on the VDE CERT website: https://cert.vde.com/en-us/advisories/vde-2021-026