Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).

Basic Information

ID CVE-2025-41684

Source CERTVDE

Published Jul 23, 2025 at 08:23

Modified Jul 23, 2025 at 14:04

Affected Product

Vendor Weidmueller

Product IE-SR-2TX-WL

Version V0.0

Affected Versions Weidmueller IE-SR-2TX-WL V0.0
Weidmueller IE-SR-2TX-WL-4G-EU V0.0
Weidmueller IE-SR-2TX-WL-4G-US-V V0.0

CWE Classification

CWE-78

References

certvde.com /de/advisories/VDE-2025-052

{
    "lastseen": "",
    "description": "An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).",
    "published": "2025-07-23T08:23:28.046Z",
    "modified": "2025-07-23T14:04:20.683Z",
    "type": "cve",
    "title": "Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-052",
    "id": "CVE-2025-41684",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Weidmueller IE-SR-2TX-WL V0.0\nWeidmueller IE-SR-2TX-WL-4G-EU V0.0\nWeidmueller IE-SR-2TX-WL-4G-US-V V0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "IE-SR-2TX-WL",
    "version": "V0.0",
    "vendor": "Weidmueller",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint_CVE-2025-41684