CVE-2021-26733
Published 2022-10-24
Priority P3 · 40 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.65% (46.6th percentile)
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lanner_inc | iac-ast2500a | — | — |
| lannerinc | iac-ast2500a_firmware | — | — |
| linux | linux_kernel | >= 0 < 4.4.0-259.293 | 4.4.0-259.293 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 5.5 · MEDIUM
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2024-09-26·CVSS 5.5
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Input Device (Tablet) drivers;
- Modular ISDN driver;
- Multiple devices driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- SCSI drivers;
- GCT GDM724x LTE driver;
- USB subsystem;
- VFIO drivers;
- GFS2 file system;
- JFS file system;
- NILFS2 file system;
- Networking core;
- IPv4 networking;
- L2TP protocol;
- Netfilter;
- RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022
GHSA
GHSA-x67v-rjgm-7f75
ghsa_unreviewed·2022-10-24
CVE-2021-26733 [HIGH] CWE-862
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
- https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/