彙總 lannerinc 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 緩衝區溢位、記憶體損壞與輸入驗證問題 相關,可能在 生產負載與軟體部署 場景中帶來 記憶體損壞與異常行為 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-4228 | Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | [email protected] | 5.8 | 0.77% | 2022-10-24 | 2024-11-21 |
| CVE-2021-46279 | Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 5.8 | 0.22% | 2022-10-24 | 2024-11-21 |
| CVE-2021-45925 | Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 5.3 | 0.19% | 2022-10-24 | 2024-11-21 |
| CVE-2021-44776 | A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 6.5 | 0.12% | 2022-10-24 | 2024-11-21 |
| CVE-2021-44769 | An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 4.9 | 0.23% | 2022-10-24 | 2024-11-21 |
| CVE-2021-44467 | A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 5.3 | 0.22% | 2022-10-24 | 2024-11-21 |
| CVE-2021-26733 | A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 5.3 | 0.22% | 2022-10-24 | 2024-11-21 |
| CVE-2021-26732 | A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 6.5 | 0.16% | 2022-10-24 | 2024-11-21 |
| CVE-2021-26731 | Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 9.1 | 3.03% | 2022-10-24 | 2024-11-21 |
| CVE-2021-26730 | A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 10.0 | 1.37% | 2022-10-24 | 2024-11-21 |
| CVE-2021-26729 | Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 10.0 | 8.13% | 2022-10-24 | 2024-11-21 |
| CVE-2021-26728 | Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 10.0 | 3.48% | 2022-10-24 | 2024-11-21 |
| CVE-2021-26727 | Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | [email protected] | 10.0 | 8.13% | 2022-10-24 | 2024-11-21 |