Vulnerabilities > Lannerinc

DATE CVE VULNERABILITY TITLE RISK
2022-10-24 CVE-2021-26727 Out-of-bounds Write vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).
network
low complexity
lannerinc CWE-787
critical
9.8
2022-10-24 CVE-2021-26728 Out-of-bounds Write vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).
network
low complexity
lannerinc CWE-787
critical
9.8
2022-10-24 CVE-2021-26729 Out-of-bounds Write vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).
network
low complexity
lannerinc CWE-787
critical
9.8
2022-10-24 CVE-2021-26730 Out-of-bounds Write vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root).
network
low complexity
lannerinc CWE-787
critical
9.8
2022-10-24 CVE-2021-26731 Out-of-bounds Write vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root).
network
low complexity
lannerinc CWE-787
critical
9.8
2022-10-24 CVE-2021-26732 Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC.
network
low complexity
lannerinc
5.3
2022-10-24 CVE-2021-26733 Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition.
network
low complexity
lannerinc
7.5
2022-10-24 CVE-2021-44467 Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed.
network
low complexity
lannerinc
7.5
2022-10-24 CVE-2021-44769 Improper Input Validation vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset.
network
low complexity
lannerinc CWE-20
6.5
2022-10-24 CVE-2021-44776 Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities.
network
low complexity
lannerinc
5.3