Details of VAR-202106-1208

ID

VAR-202106-1208

CVE

CVE-2021-33539

TITLE

plural Weidmueller Industrial WLAN Authentication vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-008533

DESCRIPTION

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. plural Weidmueller Industrial WLAN There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany. Attackers can use this vulnerability to bypass Web authentication

Trust: 2.16

sources: NVD: CVE-2021-33539 // JVNDB: JVNDB-2021-008533 // CNVD: CNVD-2021-48142

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-48142

AFFECTED PRODUCTS

vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	v1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	lte	version:	1.11.10	Trust: 1.0
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	lte	version:	1.16.18	Trust: 1.0
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us	scope:	-	version:	-	Trust: 0.8
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-us (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-bl-ap-cl-eu (build	scope:	lte	version:	<=v1.16.1818081617)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-eu (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wl-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6
vendor:	weidmueller	model:	ie-wlt-vl-ap-br-cl-us (build	scope:	lte	version:	<=v1.11.1018122616)	Trust: 0.6

sources: CNVD: CNVD-2021-48142 // JVNDB: JVNDB-2021-008533 // NVD: CVE-2021-33539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33539
value:	HIGH
Trust: 1.0
info@cert.vde.com:	CVE-2021-33539
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33539
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-48142
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1754
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-33539
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-48142
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-33539
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-008533
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-48142 // JVNDB: JVNDB-2021-008533 // CNNVD: CNNVD-202106-1754 // NVD: CVE-2021-33539 // NVD: CVE-2021-33539

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008533 // NVD: CVE-2021-33539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1754

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202106-1754

PATCH

title:	Top Page	url:	https://www.weidmueller.com/int/index.jsp	Trust: 0.8
title:	Patch for Weidmueller Industrial WLAN devices authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/277176	Trust: 0.6

sources: CNVD: CNVD-2021-48142 // JVNDB: JVNDB-2021-008533

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33539	Trust: 3.8
db:	CERT@VDE	id:	VDE-2021-026	Trust: 2.4
db:	JVNDB	id:	JVNDB-2021-008533	Trust: 0.8
db:	CNVD	id:	CNVD-2021-48142	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1754	Trust: 0.6

sources: CNVD: CNVD-2021-48142 // JVNDB: JVNDB-2021-008533 // CNNVD: CNNVD-202106-1754 // NVD: CVE-2021-33539

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2021-026	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33539	Trust: 1.4

sources: CNVD: CNVD-2021-48142 // JVNDB: JVNDB-2021-008533 // CNNVD: CNNVD-202106-1754 // NVD: CVE-2021-33539

SOURCES

db:	CNVD	id:	CNVD-2021-48142
db:	JVNDB	id:	JVNDB-2021-008533
db:	CNNVD	id:	CNNVD-202106-1754
db:	NVD	id:	CVE-2021-33539

LAST UPDATE DATE

2024-08-14T13:23:31.393000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-48142	date:	2021-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008533	date:	2022-03-18T06:30:00
db:	CNNVD	id:	CNNVD-202106-1754	date:	2021-07-01T00:00:00
db:	NVD	id:	CVE-2021-33539	date:	2021-07-27T20:52:47.467

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-48142	date:	2021-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008533	date:	2022-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202106-1754	date:	2021-06-25T00:00:00
db:	NVD	id:	CVE-2021-33539	date:	2021-06-25T19:15:09.633