A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HLantronix Premierwave 2050
HWLantronixwszystkie wersjeLantronix Premierwave 2050 Firmware
OSLantronix8.9.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
Related vulnerabilities
CVE-2021-21873CRITICAL9.1ten sam produkt
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attack...
CVE-2021-21874CRITICAL9.1ten sam produkt
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attack...
CVE-2021-21876CRITICAL9.1ten sam produkt
Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make ...
CVE-2021-21877CRITICAL9.1ten sam produkt
Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can mak...
CVE-2021-21872CRITICAL9.9ten sam produkt
An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantr...