PT-2021-14810 · Lantronix · Lantronix Premierwave 2050

Matt Wiseman · Published 2021-12-22 · Updated 2022-04-28 · CVE-2021-21878

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Lantronix PremierWave 2050 version 8.9.0.0R4

Description: A local file inclusion issue exists in the Web Manager Applications and FsBrowse functionality. This can be triggered by a specially-crafted series of HTTP requests, allowing an attacker to perform local file inclusion through authenticated HTTP requests.

Recommendations: For Lantronix PremierWave 2050 version 8.9.0.0R4, consider restricting access to the Web Manager Applications and FsBrowse functionality until a patch is available. As a temporary workaround, limit the ability to make a series of authenticated HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

CVE-2021-21878

Affected Products

Lantronix Premierwave 2050