Weidmueller IE-SR-2TX Security Routers Command Injection Vulnerability Allowing Root Privilege Escalation
Vulnerability
A command injection vulnerability has been identified in Weidmueller security routers IE-SR-2TX, specifically in the Main Web Interface's event_mail_test endpoint. This vulnerability allows authenticated remote attackers to execute arbitrary commands with root privileges on the affected devices. The issue arises from inadequate input sanitization: user input is not properly validated before it is processed.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the affected device with root privileges.
Remediation
Users are advised to update to version 1.49 for the IE-SR-2TX-WL model and version 1.62 for the IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V models. Weidmueller also recommends changing default passwords and limiting network exposure by restricting access to trusted networks.
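As an added example (not from Weidmueller or the original page), the following Python audit compares a device inventory against the fixed versions listed above. The inventory format, hostnames and sample firmware strings are constructed, and the code assumes that firmware versions compare as dotted integers and that any version at or above the listed one contains the fix.

```python
import csv
import io

# Fixed firmware versions per model, as stated in the advisory above.
FIXED = {
    "IE-SR-2TX-WL": "1.49",
    "IE-SR-2TX-WL-4G-EU": "1.62",
    "IE-SR-2TX-WL-4G-US-V": "1.62",
}

# Constructed sample inventory; hostnames and firmware strings are made up.
SAMPLE_INVENTORY = """host,model,firmware
rtr-plant-a,IE-SR-2TX-WL,1.48
rtr-plant-b,IE-SR-2TX-WL,1.49
rtr-plant-c,IE-SR-2TX-WL-4G-EU,V1.62
rtr-plant-d,IE-SR-2TX-WL-4G-US-V,1.61.3
rtr-plant-e,ie-sr-2tx-wl-4g-eu,unknown
rtr-lab-1,OTHER-ROUTER,2.0
"""


def parse_version(text):
    """Turn '1.49' or 'V1.49' into (1, 49); return None if not dotted integers."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(model, firmware):
    """Return 'fixed', 'needs-update', 'unknown-version' or 'not-listed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"        # model is not named in the advisory
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"   # cannot decide; flag for manual review
    return "fixed" if have >= parse_version(fixed) else "needs-update"


def audit(inventory_csv):
    """Map each host in a host,model,firmware CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown-version` should be checked by hand rather than assumed fixed.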
