Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21896 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2021-21876 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability. | |||||
CVE-2021-21890 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletedir). An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2021-21894 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. |