lannerinc CVE Vulnerabilities & Metrics

Focus on lannerinc vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About lannerinc Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with lannerinc. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total lannerinc CVEs: 13
Earliest CVE date: 24 Oct 2022, 14:15 UTC
Latest CVE date: 24 Oct 2022, 14:15 UTC

Latest CVE reference: CVE-2021-4228

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical lannerinc CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 13
4.0-6.9 0
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS lannerinc CVEs

These are the five CVEs with the highest CVSS scores for lannerinc, sorted first by severity, then by recency.

All CVEs for lannerinc

CVE-2021-4228 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.

CVE-2021-46279 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-45925 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-44776 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-44769 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-44467 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26733 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26732 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26731 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26730 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26729 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26728 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26727 lannerinc vulnerability CVSS: 0 24 Oct 2022, 14:15 UTC

Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.