190 matches found
CVE-2021-21890
CVE-2021-21890 is a stack-based buffer overflow in Lantronix PremierWave 2050 Web Manager (FsBrowseClean) affecting version 8.9.0.0R4 (QEMU). The vulnerability arises from two vulnerable paths where an authenticated user’s POST parameters (action, path, dir) are assembled via unchecked sprintf in...
CVE-2021-21889
The CVE-2021-21889 entry pertains to Lantronix PremierWave 2050 Web Manager Ping handling in version 8.9.0.0R4 (QEMU). The TALOS-2021-1333 writeup details a stack-based buffer overflow in the Ping AJAX handler (ltrx_evo) caused by a vulnerable sprintf call writing into a fixed-size cmd buffer whe...
CVE-2021-21889
A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21888
The CVE-2021-21888 issue affects Lantronix PremierWave 2050 Web Manager SslGenerateCertificate. TALOS details show the Web Manager builds an OpenSSL-related certificate generation command by concatenating user-supplied HTTP POST fields (e.g., c, st, l, o, ou, cn, expires) into a command string ex...
CVE-2021-21888
An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
CVE-2021-21887
Summary: CVE-2021-21887 affects Lantronix PremierWave 2050 Web Manager (SslGenerateCSR). A stack-based buffer overflow arises from unbounded string concatenation in handling CSR fields via the POST parameter s, l, o, ou, cn, enabling an authenticated attacker with ssl permissions to overflow a st...
CVE-2021-21887
A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21885
The CVE-2021-21885 entry concerns Lantronix PremierWave 2050 Web Manager FsMove directory traversal. Talos reports an authenticated user can abuse FsMove to bypass path restrictions and move or expose files within the device filesystem (rooted at /ltrx_user/), via manipulated cwd and dst paramete...
CVE-2021-21885
A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21886
CVE-2021-21886 affects Lantronix PremierWave 2050, version 8.9.0.0R4, via the Web Manager FSBrowsePage. An authenticated, unprivileged user can trigger a directory traversal by manipulating the dir parameter, potentially disclosing files under the device filesystem (rooted at /ltrx_user/). The vu...
CVE-2021-21884
CVE-2021-21884 affects Lantronix PremierWave 2050, specifically the Web Manager SslGenerateCSR feature. TALOS details a OS command-injection in the CSR generation flow: an authenticated user can submit crafted POST parameters (c, st, l, o, ou, cn, etc.) that are concatenated into a shell command ...
CVE-2021-21884
An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21883
An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21883
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping is affected by an OS command injection (CVE-2021-21883). A specially crafted authenticated HTTP request can trigger execution of arbitrary OS commands with root privileges via the unsanitized host parameter used to build the nd ic6 command,...
CVE-2021-21882
An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21881
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21881
Lantronix PremierWave 2050 firmware 8.9.0.0R4 contains an OS command injection in the Web Manager Wireless Network Scanner. A specially crafted, authenticated HTTP request can trigger command execution, potentially enabling arbitrary commands and device compromise. The NUCLEI template confirms re...
CVE-2021-21882
CVE-2021-21882 is an OS command injection in Lantronix PremierWave 2050 Web Manager FsUnmount. The Talos report details an authenticated attacker who can submit a crafted HTTP request to trigger arbitrary OS commands via unsanitized input used in two system calls (to /sbin/ltrx_usb_umount and mou...
CVE-2021-21880
CVE-2021-21880 affects Lantronix PremierWave 2050 Web Manager FsCopyFile, where an authenticated user can exploit a directory traversal in the FsCopyFile functionality to achieve local file inclusion. TALOS details show the vulnerability arises from improper sanitization of attacker-controlled HT...
CVE-2021-21879
The CVE-2021-21879 entry concerns Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability affecting version 8.9.0.0R4. TALOS-2021-1323 documents that an authenticated, unprivileged user can upload files into a restricted directory via two attacker-controlled HTTP form...