5 matches found
CVE-2021-45925
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-45925 Username Enumeration
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
PT-2022-9795 · Lanner · Lanner Inc Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control issue in the FirstReset handler func function of spx restservice allows an attacker to send arbitrary reboot commands to the BMC, resulting in a...
CVE-2021-4228 Hard-coded TLS Certificate
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle MitM attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...
CVE-2021-26730 spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow
A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...