PT-2022-9792 · Lanner · Lanner Inc Iac-Ast2500A

Andrea Palanca · Published 2022-10-24 · Updated 2022-12-03 · CVE-2021-26730

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0

Description: A stack-based buffer overflow vulnerability in a subfunction of the Login handler func function of spx restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root).

Recommendations: For Lanner Inc IAC-AST2500A standard firmware version 1.10.0, consider disabling the Login handler func function until a patch is available to prevent exploitation of the buffer overflow vulnerability.

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers: CVE-2021-26730

Affected Products: Lanner Inc Iac-Ast2500A