Vulnerability Details CVE-2021-4228
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.3%
CVSS Severity
CVSS v3 Score 5.8
References
- https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
- https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-4228/
- https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
- https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-4228/
Products affected by CVE-2021-4228
-
cpe:2.3:h:lannerinc:iac-ast2500:-
-
cpe:2.3:o:lannerinc:iac-ast2500_firmware:1.00.0