Vulnerabilities > Lannerinc > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-24 | CVE-2021-26733 | Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. | 7.5 |
| 2022-10-24 | CVE-2021-44467 | Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. | 7.5 |
| 2022-10-24 | CVE-2021-46279 | Session Fixation vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. | 8.8 |
| 2022-10-24 | CVE-2021-4228 | Use of Hard-coded Credentials vulnerability in Lannerinc Iac-Ast2500 Firmware 1.00.0 Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. | 7.4 |