4 matches found
CVE-2021-21874
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Multiple Vulnerabilities (CVE-2021-21872; CVE-2021-21873; CVE-2021-21874; CVE-2021-21875; CVE-2021-21881; CVE-2021-21882; CVE-2021-21883; CVE-2021-21884; CVE-2021-21888)
Multiple vulnerabilities exist in Lantronix PremierWave 2050. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2021-21874
Lantronix PremierWave 2050 Web Manager SSL Credential Upload contains OS command injection vulnerabilities, including CVE-2021-21874 (DSA keypasswd). TALOS-2021-1314 documents multiple authenticated HTTP POST parameter injections (keypasswd) that inject into OpenSSL commands and execute with root...
Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...