Back to overview

Welotec: Two vulnerabilities in TK500v1 router series

VDE-2024-009
Last update
05/14/2025 14:28
Published at
04/09/2024 10:00
Vendor(s)
Welotec GmbH
External ID
VDE-2024-009
CSAF Document
Download

Summary

Welotec has closed two vulnerabilities in the TK500v1 router series and advises to update the routers to firmware version r5542 or later. An exploitation of the vulnerabilities can allow an attacker to manipulate the device.

Impact

Affected Product(s)

Model no. Product name Affected versions
6912TK515L00 Welotec Hardware Router TK500v1 TK515L Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK515L0S Welotec Hardware Router TK500v1 TK515L Set Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK515WS Welotec Hardware Router TK500v1 TK515L-W Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK515WS Welotec Hardware Router TK500v1 TK515L-W Set Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525L00 Welotec Hardware Router TK500v1 TK525L Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525L0S Welotec Hardware Router TK500v1 TK525L Set Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525LW Welotec Hardware Router TK500v1 TK525L-W Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525LS Welotec Hardware Router TK500v1 TK525L-W Set Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525U00 Welotec Hardware Router TK500v1 TK525U Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525U0S Welotec Hardware Router TK500v1 TK525U Set Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525W00 Welotec Hardware Router TK500v1 TK525W Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK525W0S Welotec Hardware Router TK500v1 TK525W Set Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK535L00 Welotec Hardware Router TK500v1 TK535L1 Welotec Firmware Router TK500v1 <v2.3.0.r5542
6912TK535L0S Welotec Hardware Router TK500v1 TK535L1 Set Welotec Firmware Router TK500v1 <v2.3.0.r5542

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Access Control (CWE-284)
References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
References
cve.org | nvd.nist.gov

Remediation

Update the product to firmware v2.3.0.r5542 or later.

Revision History

Version Date Summary
1 06/07/2023 12:00 initial revision
2 06/04/2024 12:00 Minor typo changes. Reorder Products and Branches. Duplicate remediation from document notes to the vulnerabilities.
3 11/06/2024 12:27 Fix: correct certvde domain, added self-reference
4 05/14/2025 14:28 Fix: firmware category, added distribution, version space