CVE-2021-21889

{"id": "CVE-2021-21889", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2021-12-22T19:15:09.357", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1333", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad Ping del Administrador Web de Lantronix PremierWave versi\u00f3n 2050 8.9.0.0R4 (en QEMU). Una petici\u00f3n HTTP especialmente dise\u00f1ada puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede hacer una petici\u00f3n HTTP autenticada para desencadenar esta vulnerabilidad"}], "lastModified": "2022-04-28T19:31:11.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:premierwave_2050_firmware:8.9.0.0:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0160E0B-2A30-4E5C-BC9D-FB059D24BB93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:premierwave_2050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18D68E19-E0E6-4102-A973-814686E4EC82"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}