PT-2021-14814 · Lantronix · Lantronix Premierwave 2050

Matt Wiseman

Published

2021-12-22

Updated

2022-04-28

CVE-2021-21883

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Lantronix PremierWave 2050 version 8.9.0.0R4

Description An OS command injection issue exists in the Web Manager Diagnostics: Ping functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this issue.

Recommendations For Lantronix PremierWave 2050 version 8.9.0.0R4, consider restricting access to the Web Manager Diagnostics: Ping functionality until a patch is available. As a temporary workaround, avoid using the Diagnostics: Ping functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-21883

Affected Products

Lantronix Premierwave 2050

PT-2021-14814 · Lantronix · Lantronix Premierwave 2050

CVE-2021-21883

Weakness Enumeration

Related Identifiers

Affected Products

References · 4