Lucene search
K

190 matches found

CVE
CVE
added 2021/12/22 6:6 p.m.65 views

CVE-2021-21890

CVE-2021-21890 is a stack-based buffer overflow in Lantronix PremierWave 2050 Web Manager (FsBrowseClean) affecting version 8.9.0.0R4 (QEMU). The vulnerability arises from two vulnerable paths where an authenticated user’s POST parameters (action, path, dir) are assembled via unchecked sprintf in...

9.1CVSS9.5AI score0.02989EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.84 views

CVE-2021-21889

The CVE-2021-21889 entry pertains to Lantronix PremierWave 2050 Web Manager Ping handling in version 8.9.0.0R4 (QEMU). The TALOS-2021-1333 writeup details a stack-based buffer overflow in the Ping AJAX handler (ltrx_evo) caused by a vulnerable sprintf call writing into a fixed-size cmd buffer whe...

9.9CVSS9.7AI score0.02845EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.32 views

CVE-2021-21889

A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS10AI score0.02845EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.60 views

CVE-2021-21888

The CVE-2021-21888 issue affects Lantronix PremierWave 2050 Web Manager SslGenerateCertificate. TALOS details show the Web Manager builds an OpenSSL-related certificate generation command by concatenating user-supplied HTTP POST fields (e.g., c, st, l, o, ou, cn, expires) into a command string ex...

9.1CVSS9.3AI score0.03886EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.20 views

CVE-2021-21888

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

9.1CVSS9.6AI score0.03886EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.63 views

CVE-2021-21887

Summary: CVE-2021-21887 affects Lantronix PremierWave 2050 Web Manager (SslGenerateCSR). A stack-based buffer overflow arises from unbounded string concatenation in handling CSR fields via the POST parameter s, l, o, ou, cn, enabling an authenticated attacker with ssl permissions to overflow a st...

9.1CVSS9.5AI score0.02989EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.26 views

CVE-2021-21887

A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.8AI score0.02989EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.63 views

CVE-2021-21885

The CVE-2021-21885 entry concerns Lantronix PremierWave 2050 Web Manager FsMove directory traversal. Talos reports an authenticated user can abuse FsMove to bypass path restrictions and move or expose files within the device filesystem (rooted at /ltrx_user/), via manipulated cwd and dst paramete...

7.2CVSS6.7AI score0.02386EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.28 views

CVE-2021-21885

A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS7AI score0.02386EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.56 views

CVE-2021-21886

CVE-2021-21886 affects Lantronix PremierWave 2050, version 8.9.0.0R4, via the Web Manager FSBrowsePage. An authenticated, unprivileged user can trigger a directory traversal by manipulating the dir parameter, potentially disclosing files under the device filesystem (rooted at /ltrx_user/). The vu...

4.3CVSS4.2AI score0.01876EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.58 views

CVE-2021-21884

CVE-2021-21884 affects Lantronix PremierWave 2050, specifically the Web Manager SslGenerateCSR feature. TALOS details a OS command-injection in the CSR generation flow: an authenticated user can submit crafted POST parameters (c, st, l, o, ou, cn, etc.) that are concatenated into a shell command ...

9.1CVSS9.3AI score0.05271EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.32 views

CVE-2021-21884

An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.6AI score0.05271EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.36 views

CVE-2021-21883

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS9.8AI score0.06061EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.55 views

CVE-2021-21883

Lantronix PremierWave 2050 Web Manager Diagnostics: Ping is affected by an OS command injection (CVE-2021-21883). A specially crafted authenticated HTTP request can trigger execution of arbitrary OS commands with root privileges via the unsanitized host parameter used to build the nd ic6 command,...

9.9CVSS9.6AI score0.06061EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.24 views

CVE-2021-21882

An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS9.1AI score0.06061EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.29 views

CVE-2021-21881

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9CVSS9.8AI score0.37064EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.202 views

CVE-2021-21881

Lantronix PremierWave 2050 firmware 8.9.0.0R4 contains an OS command injection in the Web Manager Wireless Network Scanner. A specially crafted, authenticated HTTP request can trigger command execution, potentially enabling arbitrary commands and device compromise. The NUCLEI template confirms re...

9.9CVSS9.5AI score0.37064EPSS
In wildExploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.67 views

CVE-2021-21882

CVE-2021-21882 is an OS command injection in Lantronix PremierWave 2050 Web Manager FsUnmount. The Talos report details an authenticated attacker who can submit a crafted HTTP request to trigger arbitrary OS commands via unsanitized input used in two system calls (to /sbin/ltrx_usb_umount and mou...

9.9CVSS8.8AI score0.06061EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.84 views

CVE-2021-21880

CVE-2021-21880 affects Lantronix PremierWave 2050 Web Manager FsCopyFile, where an authenticated user can exploit a directory traversal in the FsCopyFile functionality to achieve local file inclusion. TALOS details show the vulnerability arises from improper sanitization of attacker-controlled HT...

7.2CVSS6.7AI score0.02386EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.57 views

CVE-2021-21879

The CVE-2021-21879 entry concerns Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability affecting version 8.9.0.0R4. TALOS-2021-1323 documents that an authenticated, unprivileged user can upload files into a restricted directory via two attacker-controlled HTTP form...

9.9CVSS8.6AI score0.03656EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder