Lantronix: >> Premierwave 2050 Firmware >> 8.9.0.0 Security Vulnerabilities
A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletedir). An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.03
Published
2021-12-22
A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletefile). An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.03
Published
2021-12-22
A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.043
Published
2021-12-22
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.009
Published
2021-12-22
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.021
Published
2021-12-22
A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
4.9
EPSS Score
0.011
Published
2021-12-22
An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.01
Published
2021-12-22
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.004
Published
2021-12-22
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.004
Published
2021-12-22
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.004
Published
2021-12-22