OS Command Injection in Lantronix PremierWave 2050 Product
CVE-2021-21882

9.9CRITICAL

Key Information:

Vendor: Lantronix
Status: Lantronix
Vendor: CVE Published:; 22 December 2021

What is CVE-2021-21882?

An OS command injection vulnerability is present in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 version 8.9.0.0R4. This vulnerability allows attackers to craft specially-designed HTTP requests that can lead to arbitrary command execution. By sending an authenticated HTTP request, an attacker can exploit this vulnerability to execute commands on the system, potentially compromising the security and integrity of affected devices.

Affected Version(s)

Lantronix Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 22, 2021
Vulnerability Reserved
Jan 4, 2021

JSON