PT-2022-9790 · Lanner · Iac-Ast2500A
Andrea Palanca
·
Published
2022-10-24
·
Updated
2022-12-03
·
CVE-2021-26728
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lanner Inc IAC-AST2500A standard firmware version 1.10.0
Description
Command injection and stack-based buffer overflow vulnerabilities in the
KillDupUsr func function of spx restservice allow an attacker to execute arbitrary code with the same privileges as the server user, which is root.Recommendations
For Lanner Inc IAC-AST2500A standard firmware version 1.10.0, consider disabling the
KillDupUsr func function in spx restservice until a patch is available to prevent potential exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Memory Corruption
Code Injection
Stack Overflow
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Iac-Ast2500A