Weidmueller IE-SR-2TX Routers Stack-Based Buffer Overflow Vulnerability in Management API

A stack-based buffer overflow vulnerability has been identified in the u-link Management API of Weidmueller security routers IE-SR-2TX. This vulnerability allows an unauthenticated remote attacker to gain full access to the affected devices. The issue is present in the IE-SR-2TX-WL, IE-SR-2TX-WL-4G-EU, and IE-SR-2TX-WL-4G-US-V models, with various versions prior to the specified fixed versions being vulnerable.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device with root privileges.

Remediation

Users are advised to update to version 1.49 for the IE-SR-2TX-WL model and version 1.62 for the IE-SR-2TX-WL-4G-EU and IE-SR-2TX-WL-4G-US-V models. Weidmueller also recommends changing default passwords and minimizing network exposure by limiting access to trusted networks.