← Back

Lannerinc

lannerinc

13 CVEs • 4 products

Products (4)

Click to collapse
Toggle
Iac Ast2500a Firmware
iac-ast2500a_firmware
12 CVEs
Iac Ast2500 Firmware
iac-ast2500_firmware
1 CVE
Iac Ast2500a
iac-ast2500a
0 CVEs
Iac Ast2500
iac-ast2500
0 CVEs

CVEs (13)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-4228
1Lannerinc
1Iac Ast2500 Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
7.4 HIGH· v3
N/A· v2
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware vers...Show more
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.Show less
CVE-2021-46279
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2021-45925
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2021-44776
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affect...Show more
A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-44769
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: La...Show more
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-44467
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an inpu...Show more
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26733
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue...Show more
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26732
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A stand...Show more
A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26731
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the se...Show more
Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26730
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This iss...Show more
A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26729
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (r...Show more
Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26728
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This is...Show more
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less
CVE-2021-26727
1Lannerinc
1Iac Ast2500a Firmware
Nov 21, 2024
Oct 24, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user...Show more
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.Show less