Lannerinc Iac-ast2500a Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Lannerinc Iac-ast2500a Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2021-26730 — CVSS 10.0 (critical): A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to…
CVE-2021-26728 — CVSS 10.0 (critical): Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to…
CVE-2021-26729 — CVSS 10.0 (critical): Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an…
CVE-2021-26727 — CVSS 10.0 (critical): Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow…
CVE-2021-26731 — CVSS 9.1 (critical): Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an…
CVE-2021-26732 — CVSS 6.5 (medium): A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the…
CVE-2021-44776 — CVSS 6.5 (medium): A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the…
CVE-2021-46279 — CVSS 5.8 (medium): Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users…
CVE-2021-44467 — CVSS 5.3 (medium): A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active…
CVE-2021-45925 — CVSS 5.3 (medium): Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects…
CVE-2021-26733 — CVSS 5.3 (medium): A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send…
CVE-2021-44769 — CVSS 4.9 (medium): An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS)…