Lucene search
K

118 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 3:35 a.m.15 views

CVE-2021-26731

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserbfunc function of spxrestservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware...

9.8CVSS8.2AI score0.02308EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/11/28 10:7 a.m.47 views

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Over a dozen security flaws have been discovered in baseboard management controller BMC firmware from Lanner that could expose operational technology OT and internet of things IoT networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip SoC, that's found in serv...

10CVSS0.7AI score0.09946EPSS
Exploits0
OSV
OSV
added 2022/10/24 2:15 p.m.5 views

CVE-2021-4228

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle MitM attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...

7.4CVSS5.8AI score0.09946EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.25 views

CVE-2021-4228

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle MitM attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...

7.4CVSS0.09946EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.22 views

CVE-2021-44769

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

6.5CVSS0.00418EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.31 views

CVE-2021-44776

A broken access control vulnerability in the SubNethandlerfunc function of spxrestservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

6.5CVSS0.00443EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.6 views

CVE-2021-44776

A broken access control vulnerability in the SubNethandlerfunc function of spxrestservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

5.3CVSS5.8AI score0.00443EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.22 views

CVE-2021-46279

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

8.8CVSS0.00399EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.4 views

CVE-2021-44769

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

6.5CVSS5.8AI score0.00418EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.6 views

CVE-2021-46279

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

8.8CVSS5.8AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.4 views

CVE-2021-44467

A broken access control vulnerability in the KillDupUsrfunc function of spxrestservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service DoS condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...

7.5CVSS5.8AI score0.00652EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.4 views

CVE-2021-45925

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

5.3CVSS5.8AI score0.00505EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.30 views

CVE-2021-45925

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

5.3CVSS0.00505EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.29 views

CVE-2021-26728

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsrfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

10CVSS0.02285EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.19 views

CVE-2021-26733

A broken access control vulnerability in the FirstResethandlerfunc function of spxrestservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service DoS condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

7.5CVSS0.00652EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.34 views

CVE-2021-26729

Command injection and multiple stack-based buffer overflows vulnerabilities in the Loginhandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

10CVSS0.02285EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.7 views

CVE-2021-26733

A broken access control vulnerability in the FirstResethandlerfunc function of spxrestservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service DoS condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

7.5CVSS5.8AI score0.00652EPSS
Exploits0References2
NVD
NVD
added 2022/10/24 2:15 p.m.27 views

CVE-2021-26730

A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

10CVSS0.00978EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.5 views

CVE-2021-26728

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsrfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

9.8CVSS6.4AI score0.02285EPSS
Exploits0References2
OSV
OSV
added 2022/10/24 2:15 p.m.7 views

CVE-2021-26727

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNethandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10...

9.8CVSS6.4AI score0.02285EPSS
Exploits0References2
Rows per page
Query Builder