Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26730— spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow

CVSS 10.0 · Critical EPSS 1.37% · P80
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-26730

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
Lanner IAC-AST2500A 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Lanner IAC-AST2500A是中国立端(Lanner)公司的一个模块和加速卡。适合 Lanner 网络设备,以支持基于 IPMI 标准的系统运行状况远程管理和监控。 Lanner IAC-AST2500A standard firmware 1.00.0版本存在缓冲区错误漏洞,该漏洞源于其spx_restservice的Login_handler_func函数的子函数允许攻击者利用命令注入和基于堆的缓冲区溢出导致使用与服务器root用户相同的权限执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Lanner IncIAC-AST2500A 1.10.0 -

II. Public POCs for CVE-2021-26730

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-26730

登录查看更多情报信息。

Same Patch Batch · Lanner Inc · 2022-10-24 · 13 CVEs total

CVE-2021-2672710.0 CRITICALspx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Ove
CVE-2021-2672810.0 CRITICALspx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow
CVE-2021-2672910.0 CRITICALspx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overf
CVE-2021-267319.1 CRITICALspx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflo
CVE-2021-267326.5 MEDIUMspx_restservice First_network_func Broken Access Control
CVE-2021-447766.5 MEDIUMspx_restservice SubNet_handler_func Broken Access Control
CVE-2021-42285.8 MEDIUMHard-coded TLS Certificate
CVE-2021-462795.8 MEDIUMSession Fixation and Insufficient Session Expiration
CVE-2021-267335.3 MEDIUMspx_restservice FirstReset_handler_func Broken Access Control
CVE-2021-444675.3 MEDIUMspx_restservice KillDupUsr_func Broken Access Control
CVE-2021-459255.3 MEDIUMUsername Enumeration
CVE-2021-447694.9 MEDIUMTLS Certificate Generation Function Improper Input Validation

IV. Related Vulnerabilities

Same product: IAC-AST2500A
Same vendor: Lanner Inc
Same weakness: CWE-121

V. Comments for CVE-2021-26730

No comments yet

Leave a comment