Lannerinc Iac-ast2500a
12 CVEs affecting Lannerinc Iac-ast2500a. Latest disclosed: 2022-10-24. Critical: 5, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-26730 | Critical | 10.0 | 2022-10-24 | A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code… |
CVE-2021-26729 | Critical | 10.0 | 2022-10-24 | Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute… |
CVE-2021-26728 | Critical | 10.0 | 2022-10-24 | Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary cod… |
CVE-2021-26727 | Critical | 10.0 | 2022-10-24 | Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execut… |
CVE-2021-26731 | Critical | 9.1 | 2022-10-24 | Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker… |
CVE-2021-44776 | Medium | 6.5 | 2022-10-24 | A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access right… |
CVE-2021-26732 | Medium | 6.5 | 2022-10-24 | A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration… |
CVE-2021-46279 | Medium | 5.8 | 2022-10-24 | Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: L… |
CVE-2021-45925 | Medium | 5.3 | 2022-10-24 | Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST250… |
CVE-2021-44467 | Medium | 5.3 | 2022-10-24 | A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other u… |
CVE-2021-26733 | Medium | 5.3 | 2022-10-24 | A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the… |
CVE-2021-44769 | Medium | 4.9 | 2022-10-24 | An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can… |