Product Name | Affected Version(s) |
---|---|
IE-SR-2TX-WL | < V1.49 |
IE-SR-2TX-WL-4G-EU | < V1.62 |
IE-SR-2TX-WL-4G-US-V | < V1.62 |
Weidmueller security routers IE-SR-2TX are affected by multiple vulnerabilities (CVE-2025-41661, CVE-2025-41662, CVE-2025-41663).
Weidmueller has released new firmware versions of the affected products to fix the vulnerabilities.
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint event_mail_test).
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint tls_iotgen_setting).
An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated privileges.
Weidmueller security routers are affected by multiple vulnerabilities that may lead to execution of arbitrary commands with root privileges on affected devices.
Further information can be found under the vulnerability details.
Remediation
Update to the new version as listed in the following table:
Product | Affected Version | Fixed Version |
---|---|---|
IE-SR-2TX-WL | < V1.49 | V1.49 |
IE-SR-2TX-WL-4G-EU | < V1.62 | V1.62 |
IE-SR-2TX-WL-4G-US-V | < V1.62 | V1.62 |
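As an added example (not part of the advisory or Weidmueller's tooling), a small inventory check that applies the remediation table above: it parses firmware strings such as "V1.49" into integer tuples so that dotted versions compare correctly (V1.5 is older than V1.49, which a float comparison would get wrong) and flags devices still below the fixed version. The hostnames and firmware strings in the sample inventory are constructed.

```python
import re

# Fixed firmware versions from the advisory's remediation table;
# anything below the fixed version is in the affected range.
FIXED_VERSIONS = {
    "IE-SR-2TX-WL": "V1.49",
    "IE-SR-2TX-WL-4G-EU": "V1.62",
    "IE-SR-2TX-WL-4G-US-V": "V1.62",
}


def parse_version(text):
    """Turn 'V1.49', 'v1.49' or '1.62.1' into a tuple of ints.

    Tuples compare component-wise, so (1, 5) < (1, 49): V1.5 is correctly
    treated as older than V1.49, unlike a float comparison (1.5 > 1.49).
    """
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(product, version):
    """True if the device runs firmware below the advisory's fixed version.

    Products the advisory does not list raise instead of silently
    reporting 'not affected'.
    """
    if product not in FIXED_VERSIONS:
        raise KeyError(f"product not covered by this advisory: {product}")
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def triage(inventory):
    """inventory: iterable of (hostname, product, firmware).

    Returns the hostnames that still need the firmware update.
    """
    return [host for host, product, fw in inventory if is_affected(product, fw)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("router-01", "IE-SR-2TX-WL", "V1.48"),
    ("router-02", "IE-SR-2TX-WL", "V1.49"),
    ("router-03", "IE-SR-2TX-WL-4G-EU", "v1.5"),
    ("router-04", "IE-SR-2TX-WL-4G-US-V", "1.62.1"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(host, "needs the firmware update")
```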
CERT@VDE coordinated with Weidmueller
Weidmueller thanks ONEKEY Research Labs for Coordinated Disclosure