CVE-2021-21879 - Vulnerability Details

Vendors	Products
Lantronix	Premierwave 2050

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Lantronix", "vendor": "n/a", "versions": [{"status": "affected", "version": "Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-22T18:06:30", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2021-21879", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lantronix", "version": {"version_data": [{"version_value": "Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 9.9, "baseSeverity": "Critical", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:23:29.768Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2021-21879", "datePublished": "2021-12-22T18:06:30", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:23:29.768Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Lantronix (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU) (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.9 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-22 (string)

description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-12-22T18:06:30 (string)

orgId : b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b (string)

shortName : talos (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : talos-cna@cisco.com (string)

ID : CVE-2021-21879 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Lantronix (string)

version : { »

version_data : [ »

0 : { »

version_value : Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU) (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. (string)

}

]

}

impact : { »

cvss : { »

baseScore : 9.9 (number)

baseSeverity : Critical (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323 (string)

refsource : MISC (string)

url : https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:23:29.768Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b (string)

assignerShortName : talos (string)

cveId : CVE-2021-21879 (string)

datePublished : 2021-12-22T18:06:30 (string)

dateReserved : 2021-01-04T00:00:00 (string)

dateUpdated : 2024-08-03T18:23:29.768Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:premierwave_2050:8.9.0.0:r4:*:*:*:*:*:*", "matchCriteriaId": "7AF0A207-15CA-40DA-BE95-DD378B36503B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:premierwave_2050:-:*:*:*:*:*:*:*", "matchCriteriaId": "18D68E19-E0E6-4102-A973-814686E4EC82", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de salto de directorio en la funcionalidad File Upload del Administrador Web de Lantronix PremierWave versi\u00f3n 2050 8.9.0.0R4. Una petici\u00f3n HTTP especialmente dise\u00f1ada puede conllevar la sobreescritura arbitraria de archivos. Un atacante puede realizar una petici\u00f3n HTTP autenticada para desencadenar esta vulnerabilidad"}], "id": "CVE-2021-21879", "lastModified": "2024-11-21T05:49:09.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-22T19:15:08.957", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lantronix:premierwave_2050:8.9.0.0:r4:*:*:*:*:*:* (string)

matchCriteriaId : 7AF0A207-15CA-40DA-BE95-DD378B36503B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lantronix:premierwave_2050:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 18D68E19-E0E6-4102-A973-814686E4EC82 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. (string)

}

1 : { »

lang : es (string)

value : Se presenta una vulnerabilidad de salto de directorio en la funcionalidad File Upload del Administrador Web de Lantronix PremierWave versión 2050 8.9.0.0R4. Una petición HTTP especialmente diseñada puede conllevar la sobreescritura arbitraria de archivos. Un atacante puede realizar una petición HTTP autenticada para desencadenar esta vulnerabilidad (string)

}

]

id : CVE-2021-21879 (string)

lastModified : 2024-11-21T05:49:09.957 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:S/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.9 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.1 (number)

impactScore : 6 (number)

source : talos-cna@cisco.com (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-12-22T19:15:08.957 (string)

references : [ »

0 : { »

source : talos-cna@cisco.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://talosintelligence.com/vulnerability_reports/TALOS-2021-1323 (string)

}

]

sourceIdentifier : talos-cna@cisco.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : talos-cna@cisco.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object