Lucene search

[email protected]NVD:CVE-2021-26731

HistoryOct 24, 2022 - 2:15 p.m.

CVE-2021-26731

2022-10-2414:15:48

CWE-121

CWE-94

CWE-77

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-26731

command injection

buffer overflows

modifyuserb_func

arbitrary code execution

lanner inc

iac-ast2500a

standard firmware

version 1.10.0

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.6%

JSON

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Affected configurations

Nvd

Node

lannerinciac-ast2500a_firmwareMatch1.10.0

AND

lannerinciac-ast2500aMatch-

VendorProductVersionCPE
lannerinciac-ast2500a_firmware1.10.0cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:*:*:*:*:*:*:*
lannerinciac-ast2500a-cpe:2.3:h:lannerinc:iac-ast2500a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lannerinc	iac-ast2500a_firmware	1.10.0	cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:::::::*
lannerinc	iac-ast2500a	-	cpe:2.3:h:lannerinc:iac-ast2500a:-:::::::*

References

www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/

www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26731/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.6%

JSON

Related for NVD:CVE-2021-26731

cvelist1 cve1 prion1