History: Oct 24, 2022 - 2:15 p.m.

CVE-2021-4228

2022-10-24 14:15:50
CWE-798
CWE-321
web.nvd.nist.gov
cve-2021-4228
tls
certificate
mitm
lanner inc
iac-ast2500a
firmware
security vulnerability

CVSS3: 7.4 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 32.5%)

The use of a hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even when the connection uses HTTPS. This issue affects Lanner Inc IAC-AST2500A standard firmware version 1.00.0.

Affected configurations

NVD
Node
lannerinc iac-ast2500, Match: -
AND
lannerinc iac-ast2500_firmware, Match: 1.00.0

CNA Affected

[
  {
    "vendor": "Lanner Inc",
    "product": "IAC-AST2500A",
    "versions": [
      {
        "version": "1.00.0",
        "status": "affected"
      }
    ]
  }
]
