CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26727

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1770%
EPSS Percentile13.80th
PublishedOct 24, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Affected Platforms (CPE)

πŸ’»
Lannerinc

Iac Ast2500a Firmware

= 1.10.0

References & Advisories

πŸ”— https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
πŸ”— https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727/
πŸ”— https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
πŸ”— https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727/

Related Vulnerabilities

CVE-2021-2672810.0

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an atta...

CVE-2021-2673010.0

A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attac...

CVE-2021-2672910.0

Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice ...

CVE-2021-267319.1

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice al...

CVE-2021-26727 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space