12 matches found
CVE-2021-4228
Use of a hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...
CVE-2021-44467
A broken access control vulnerability in the KillDupUsrfunc function of spxrestservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...
CVE-2021-46279
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-26730
A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
Lanner IAC-AST2500A Security Vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...
PT-2022-9793 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: The issue is related to command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb func function of spxrestservice. This allows an...
Lanner IAC-AST2500A Buffer Error Vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A buffer error vulnerability exists in the Lanner IAC-AST2500A standard firmware version...
CVE-2021-44769 TLS Certificate Generation Function Improper Input Validation
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
Lanner IAC-AST2500A Security Vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...
PT-2022-11583 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.00.0 Description: The issue allows an attacker to perform Man-in-the-Middle (MitM) attacks, even when an HTTPS connection is present, due to the use of a hard-coded TLS certificate by default...
Lanner IAC-AST2500A Buffer Error Vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A buffer error vulnerability exists in Lanner IAC-AST2500A standard firmware version 1.00.0,...
Lanner IAC-AST2500A Input Validation Error Vulnerability
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. An input validation error vulnerability exists in the Lanner IAC-AST2500A standard firmware...