Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2021-21894: TALOS-2021-1337 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE
Open in Source
#vulnerability#web#windows#apple#cisco#intel#perl#auth#ssh#chrome#webkit#wifi
CVE-2021-21896: TALOS-2021-1338 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21877: TALOS-2021-1315 || Cisco Talos Intelligence Group

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

CVE-2021-21937: TALOS-2021-1366 || Cisco Talos Intelligence Group

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.

CVE-2021-21872: TALOS-2021-1312 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21876: TALOS-2021-1315 || Cisco Talos Intelligence Group

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

CVE-2021-21881: TALOS-2021-1325 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21888: TALOS-2021-1332 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21873: TALOS-2021-1314 || Cisco Talos Intelligence Group

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2021-21882: TALOS-2021-1326 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.