CVE-2021-21878

MEDIUM

Lantronix Premierwave 2050 Firmware - Exposure to Wrong Actor

Title source: rule

Description

A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.

References (1)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2021-1322

Scores

CVSS v3 4.9

EPSS 0.0029

EPSS Percentile 52.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (1)

lantronix/premierwave_2050_firmware

Timeline

Published Dec 22, 2021

Tracked Since Feb 18, 2026