Stack overflow

2022-10-2414:15:00

PRIOn knowledge base

www.prio-n.com

command injection

stack-based buffer overflows

vulnerabilities

privilege escalation

firmware

lanner inc

iac-ast2500a

nvd

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CPENameOperatorVersion
iac-ast2500a_firmwareeq1.10.0

CPE	Name	Operator	Version
	iac-ast2500a_firmware	eq	1.10.0

References

www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/

www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26731/