PT-2022-9791 · Lanner · Iac-Ast2500A
Andrea Palanca
·
Published
2022-10-24
·
Updated
2022-12-03
·
CVE-2021-26729
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lanner Inc IAC-AST2500A standard firmware version 1.10.0
Description
The issue is related to command injection and multiple stack-based buffer overflows vulnerabilities in the
Login handler func function of spx restservice, allowing an attacker to execute arbitrary code with the same privileges as the server user, which is root.Recommendations
For Lanner Inc IAC-AST2500A standard firmware version 1.10.0, consider disabling the
Login handler func function until a patch is available to prevent exploitation. Restrict access to the spx restservice to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Memory Corruption
Code Injection
Stack Overflow
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Iac-Ast2500A