A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletefile). An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1334 | Exploit Technical Description Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1334 | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 05:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2021-1334 - Exploit, Technical Description, Third Party Advisory |
03 Jan 2022, 22:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CPE | cpe:2.3:o:lantronix:premierwave_2050_firmware:8.9.0.0:r4:*:*:*:*:*:* cpe:2.3:h:lantronix:premierwave_2050:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 9.1 |
References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2021-1334 - Exploit, Technical Description, Third Party Advisory |
22 Dec 2021, 20:11
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-22 19:15
Updated : 2024-11-21 05:49
NVD link : CVE-2021-21891
Mitre link : CVE-2021-21891
CVE.ORG link : CVE-2021-21891
JSON object : View
Products Affected
lantronix
- premierwave_2050
- premierwave_2050_firmware