CVE-2021-26730
CRITICALLanner Inc IAC-AST2500A Firmware 1.10.0 - Stack-based Buffer Overflow in Login Handler
Title source: llmDescription
A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
References (2)
Core 2
Core References
Third Party Advisory
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
Third Party Advisory
https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26730/
Scores
CVSS v3
10.0
EPSS
0.0098
EPSS Percentile
57.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
CWE-787
Status
published
Products (1)
lannerinc/iac-ast2500a_firmware
1.10.0
Published
Oct 24, 2022
Tracked Since
Feb 18, 2026