PT-2021-7505 · Lantronix+1 · Lantronix Premierwave 2050+1

Matt Wiseman · Published 2021-12-22 · Updated 2025-06-23 · CVE-2021-21881

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lantronix PremierWave 2050 version 8.9.0.0R4
Hirschmann BAT-C2 (affected versions not specified)

Description

A command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality, allowing a specially-crafted HTTP request to lead to command execution. An attacker can make an authenticated HTTP request to trigger this issue. The vulnerability is also present in the Hirschmann BAT-C2 WLAN client firmware due to insufficient neutralization of special elements used in an OS command, which can be exploited by sending a specially-formed HTTP request to execute arbitrary code.

Recommendations

For Lantronix PremierWave 2050 version 8.9.0.0R4, consider disabling the Web Manager Wireless Network Scanner functionality until a patch is available. For Hirschmann BAT-C2, restrict access to the WLAN client firmware to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-07024
CVE-2021-21881

Affected Products

Hirschmann Bat-C2
Lantronix Premierwave 2050