PT-2022-9789 · Lanner · Lanner Inc Iac-Ast2500A
Andrea Palanca
·
Published
2022-10-24
·
Updated
2022-12-03
·
CVE-2021-26727
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lanner Inc IAC-AST2500A standard firmware version 1.10.0
Description
The issue is related to multiple command injections and stack-based buffer overflows vulnerabilities in the
SubNet handler func function of spx restservice. This allows an attacker to execute arbitrary code with the same privileges as the server user, which is root.Recommendations
For Lanner Inc IAC-AST2500A standard firmware version 1.10.0, consider disabling the
SubNet handler func function until a patch is available to prevent exploitation of the command injections and stack-based buffer overflows vulnerabilities.Fix
Memory Corruption
Code Injection
Stack Overflow
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lanner Inc Iac-Ast2500A