2 matches found
CVE-2021-21885
A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21885
The CVE-2021-21885 entry concerns Lantronix PremierWave 2050 Web Manager FsMove directory traversal. Talos reports an authenticated user can abuse FsMove to bypass path restrictions and move or expose files within the device filesystem (rooted at /ltrx_user/), via manipulated cwd and dst paramete...