CVE-2021-21881

CRITICAL EXPLOITED IN THE WILD NUCLEI

Lantronix Premierwave 2050 Firmware - OS Command Injection

Title source: rule

Description

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Nuclei Templates (1)

Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection

CRITICALby gy741

References (1)

[Exploit, Technical Description, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2021-1325

Scores

CVSS v3 9.9

EPSS 0.9233

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2022-08-19

InTheWild.io 2022-08-19

CWE

CWE-78

Status published

Products (1)

lantronix/premierwave_2050_firmware 8.9.0.0 r4

Published Dec 22, 2021

Tracked Since Feb 18, 2026