PT-2022-9793 · Lanner · Iac-Ast2500A
Andrea Palanca
·
Published
2022-10-24
·
Updated
2024-09-30
·
CVE-2021-26731
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lanner Inc IAC-AST2500A standard firmware version 1.10.0
Description
The issue is related to command injection and multiple stack-based buffer overflows vulnerabilities in the
modifyUserb func function of spx restservice. This allows an authenticated attacker to execute arbitrary code with the same privileges as the server user, which is root.Recommendations
For Lanner Inc IAC-AST2500A standard firmware version 1.10.0, consider disabling the
modifyUserb func function in spx restservice as a temporary workaround until a patch is available. Restrict access to spx restservice to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Memory Corruption
Code Injection
Stack Overflow
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Iac-Ast2500A