Описание
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:*:*:*:*:*:*:*
cpe:2.3:h:lannerinc:iac-ast2500a:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08393
Низкий
10 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-94
CWE-77
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
EPSS
Процентиль: 92%
0.08393
Низкий
10 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-94
CWE-77