
8 matches found

OSV
added 2022/10/24 2:15 p.m. | 1 views

CVE-2021-44467

A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...

CVSS 7.5 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 2
OSV
added 2022/10/24 2:15 p.m. | 1 views

CVE-2021-26728

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 9.8 | AI score 6.4 | EPSS 0.03475
Exploits: 0 | References: 2
Prion
added 2022/10/24 2:15 p.m. | 14 views

Stack overflow

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 7.5 | AI score 9.9 | EPSS 0.03475
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2022/10/24 2:15 p.m. | 13 views

Improper access control

A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 5 | AI score 7.4 | EPSS 0.00237
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/10/24 12:0 a.m. | 13 views

CVE-2021-44467 spx_restservice KillDupUsr_func Broken Access Control

A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...

CVSS 5.3 | AI score 7.6 | EPSS 0.00237
Exploits: 0 | References: 2
CVE
added 2022/10/24 12:0 a.m. | 62 views

CVE-2021-44467

CVE-2021-44467 affects Lanner IAC-AST2500A standard firmware 1.10.0 and involves a broken access control in spx_restservice KillDupUsr_func that can terminate other users’ active sessions, enabling DoS. Some sources note it could be chained with CVE-2021-26728 to enable remote code execution with...

CVSS 7.5 | AI score 6.3 | EPSS 0.00237
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/10/24 12:0 a.m. | 12 views

CVE-2021-26728 spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 10 | AI score 10 | EPSS 0.03475
Exploits: 0 | References: 2
CVE
added 2022/10/24 12:0 a.m. | 58 views

CVE-2021-26728

CVE-2021-26728 affects Lanner IAC-AST2500A standard firmware 1.10.0. The issue resides in KillDupUsr_func within spx_restservice, enabling command injection and stack-based (and heap-based per CNNVD) buffer overflow flaws that could allow an attacker to execute arbitrary code with root privileges on th...

CVSS 10 | AI score 10 | EPSS 0.03475
Exploits: 0 | References: 2 | Affected Software: 1