CVE Details
Basic Information
| Title | Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint |
|---|---|
| Type | cve |
| Published | 2025-07-23T08:22:48.380Z |
| Modified | 2025-07-23T08:22:48.380Z |
Product Information
| Vendor | Weidmueller |
|---|---|
| Product | IE-SR-2TX-WL |
| Version | V0.0 |
CVSS Information
| Base Score | 8.8 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper input sanitization in the event_mail_test endpoint. |
|---|---|
| AI Severity | Critical |
| AI Vendor | Weidmueller |
| AI Product | IE-SR-2TX-WL |
| AI Version | V0.0 |
Affected Products
- Weidmueller IE-SR-2TX-WL V0.0
- Weidmueller IE-SR-2TX-WL-4G-EU V0.0
- Weidmueller IE-SR-2TX-WL-4G-US-V V0.0
Additional Information
| CWE List | CWE-78 |
|---|---|
| Source | CERTVDE |
Description
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitization of user input in the Main Web Interface (endpoint event_mail_test).