Premierwave 2050 Firmware Security Vulnerabilities and Issues — Premierwave 2050 Firmware CVE List

Lucene search

LantronixPremierwave 2050 Firmware

23 matches found

CVE•added 2021/12/22 7:15 p.m.•145 views

CVE-2021-21881

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.9CVSS9.5AI score0.9306EPSS

CVE•added 2021/12/22 7:15 p.m.•65 views

CVE-2021-21889

A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.9CVSS9.7AI score0.03721EPSS

CVE•added 2021/12/22 7:15 p.m.•64 views

CVE-2021-21880

A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.

7.2CVSS6.7AI score0.00267EPSS

CVE•added 2021/12/22 7:15 p.m.•55 views

CVE-2021-21882

An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.9CVSS8.8AI score0.03544EPSS

CVE•added 2021/12/22 7:15 p.m.•55 views

CVE-2021-21891

A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletefile). An attacker can make an authe...

9.1CVSS9.5AI score0.02951EPSS

CVE•added 2021/12/22 7:15 p.m.•54 views

CVE-2021-21894

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vuln...

9.1CVSS8.9AI score0.00944EPSS

CVE•added 2021/12/22 7:15 p.m.•49 views

CVE-2021-21877

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

9.1CVSS9.2AI score0.00703EPSS

CVE•added 2021/12/22 7:15 p.m.•47 views

CVE-2021-21887

A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.1CVSS9.5AI score0.02951EPSS

CVE•added 2021/12/22 7:15 p.m.•46 views

CVE-2021-21884

An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.1CVSS9.3AI score0.02857EPSS

CVE•added 2021/12/22 7:15 p.m.•45 views

CVE-2021-21888

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulner...

9.1CVSS9.3AI score0.01478EPSS

CVE•added 2021/12/22 7:15 p.m.•45 views

CVE-2021-21890

9.1CVSS9.5AI score0.02951EPSS

CVE•added 2021/12/22 7:15 p.m.•44 views

CVE-2021-21875

A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.1CVSS9.2AI score0.00368EPSS

CVE•added 2021/12/22 7:15 p.m.•44 views

CVE-2021-21876

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

9.1CVSS9.2AI score0.00703EPSS

CVE•added 2021/12/22 7:15 p.m.•43 views

CVE-2021-21872

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.9CVSS9.6AI score0.00996EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21885

A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.

7.2CVSS6.7AI score0.00267EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21892

A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.9CVSS9.7AI score0.04335EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21895

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.1CVSS7AI score0.02103EPSS

CVE•added 2021/12/22 7:15 p.m.•40 views

CVE-2021-21883

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.9CVSS9.6AI score0.03544EPSS

CVE•added 2021/12/22 7:15 p.m.•39 views

CVE-2021-21873

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.1CVSS9.2AI score0.00368EPSS

CVE•added 2021/12/22 7:15 p.m.•39 views

CVE-2021-21886

A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.

4.3CVSS4.2AI score0.00251EPSS

CVE•added 2021/12/22 7:15 p.m.•38 views

CVE-2021-21896

A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability.

6.5CVSS6.4AI score0.01117EPSS

CVE•added 2021/12/22 7:15 p.m.•37 views

CVE-2021-21874

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

9.1CVSS9.2AI score0.00368EPSS

CVE•added 2021/12/22 7:15 p.m.•34 views

CVE-2021-21878

A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this ...

6.8CVSS4.9AI score0.00298EPSS