Lannerinc Iac-ast2500a_firmware

12 CVEs affecting Lannerinc Iac-ast2500a_firmware. Latest disclosed: 2022-10-24. Critical: 5, High: 0.

Top CVEs affecting Lannerinc Iac-ast2500a_firmware
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-26730 | Critical | 10.0 | 2022-10-24 | A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code… |
| CVE-2021-26729 | Critical | 10.0 | 2022-10-24 | Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute… |
| CVE-2021-26728 | Critical | 10.0 | 2022-10-24 | Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary cod… |
| CVE-2021-26727 | Critical | 10.0 | 2022-10-24 | Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execut… |
| CVE-2021-26731 | Critical | 9.1 | 2022-10-24 | Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker… |
| CVE-2021-44776 | Medium | 6.5 | 2022-10-24 | A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access right… |
| CVE-2021-26732 | Medium | 6.5 | 2022-10-24 | A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration… |
| CVE-2021-46279 | Medium | 5.8 | 2022-10-24 | Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: L… |
| CVE-2021-45925 | Medium | 5.3 | 2022-10-24 | Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST250… |
| CVE-2021-44467 | Medium | 5.3 | 2022-10-24 | A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other u… |
| CVE-2021-26733 | Medium | 5.3 | 2022-10-24 | A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the… |
| CVE-2021-44769 | Medium | 4.9 | 2022-10-24 | An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can… |