Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21888 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2021-21872 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2021-21886 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. |