CVE Details
Basic Information
| Title | Weidmueller: Root Command Injection via Unsanitized Input in tls_iotgen_setting Endpoint |
|---|---|
| Type | cve |
| Published | 2025-07-23T08:23:28.046Z |
| Modified | 2025-07-23T08:23:28.046Z |
Product Information
| Vendor | Weidmueller |
|---|---|
| Product | IE-SR-2TX-WL |
| Version | V0.0 |
CVSS Information
| Base Score | 8.8 (HIGH) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | An authenticated attacker can execute arbitrary commands with root privileges due to improper input sanitization in the Main Web Interface’s tls_iotgen_setting endpoint. |
|---|---|
| AI Severity | Critical |
| AI Vendor | Weidmueller |
| AI Product | IE-SR-2TX-WL |
| AI Version | V0.0 |
Affected Products
- Weidmueller IE-SR-2TX-WL V0.0
- Weidmueller IE-SR-2TX-WL-4G-EU V0.0
- Weidmueller IE-SR-2TX-WL-4G-US-V V0.0
Additional Information
| CWE List | CWE-78 |
|---|---|
| Source | CERTVDE |
Description
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to a lack of proper sanitization of user input in the Main Web Interface (endpoint tls_iotgen_setting).