Matt Wiseman discovered these vulnerabilities.
Cisco Talos recently discovered multiple vulnerabilities in Lantronix’s PremierWave 2050, an embedded Wi-Fi module.
There are several vulnerabilities in PremierWave 2050’s Web Manager, a web-accessible application that allows users to configure settings for the 2050 gateway. An attacker could exploit some of these vulnerabilities to carry out a range of malicious actions, including executing arbitrary code and deleting or replacing files on the targeted device. Twelve of these vulnerabilities could allow a malicious user to manipulate the Web Manager in a way — for example, overflowing a fixed-size buffer — that would allow them to execute arbitrary code. These vulnerabilities all require the attacker to authenticate to the Web Manager first:
- TALOS-2021-1312 (CVE-2021-21872)
- TALOS-2021-1314 (CVE-2021-21873 - CVE-2021-21875)
- TALOS-2021-1315 (CVE-2021-21876 and CVE-2021-21877)
- TALOS-2021-1325 (CVE-2021-21881)
- TALOS-2021-1326 (CVE-2021-21882)
- TALOS-2021-1327 (CVE-2021-21883)
- TALOS-2021-1328 (CVE-2021-21884)
- TALOS-2021-1331 (CVE-2021-21887)
- TALOS-2021-1332 (CVE-2021-21888)
- TALOS-2021-1333 (CVE-2021-21889)
- TALOS-2021-1335 (CVE-2021-21892)
There are also four directory traversal vulnerabilities that could lead to local file inclusion or overwrite:
- TALOS-2021-1323 (CVE-2021-21879)
- TALOS-2021-1324 (CVE-2021-21880)
- TALOS-2021-1329 (CVE-2021-21885)
- TALOS-2021-1337 (CVE-2021-21894 and CVE-2021-21895)
There is another directory traversal vulnerability in the Web Manager’s FsBrowseCleanr function (TALOS-2021-1338/CVE-2021-21896); in this case, an attacker could delete files on the targeted device. A sixth directory traversal vulnerability (TALOS-2021-1330/CVE-2021-21886) could let an adversary view certain file and directory names after sending the targeted device a specially crafted HTTP request.
Lastly, we also discovered TALOS-2021-1322 (CVE-2021-21878), a local file inclusion vulnerability. An attacker could exploit this vulnerability to bypass certain restrictions and disclose contents of previously inaccessible files through the creation of an intermediate symlink.
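A common defence against both the directory traversal and the intermediate-symlink issues described above is to canonicalise the requested path and compare the result against the canonical root, instead of filtering the path as text. The C sketch below is an added example, not Lantronix or Talos code; the function names, the sandbox layout and the textual `..` filter it is contrasted with are assumptions made for illustration.

```c
/* Added example: illustrative only, not the device's code. All paths are constructed. */
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak check (assumed for contrast): filters ".." as text, never resolves symlinks. */
int naive_allowed(const char *root, const char *rel) {
    (void)root;
    return strstr(rel, "..") == NULL;
}

/* Hardened check: canonicalise root and target, then require the target to be
 * the root itself or to lie beneath it on a path-component boundary. */
int resolved_allowed(const char *root, const char *rel) {
    char joined[PATH_MAX], real_root[PATH_MAX], real_target[PATH_MAX];
    if (snprintf(joined, sizeof joined, "%s/%s", root, rel) >= (int)sizeof joined)
        return 0;
    if (!realpath(root, real_root) || !realpath(joined, real_target))
        return 0;                          /* missing or unresolvable: deny */
    size_t n = strlen(real_root);
    return strncmp(real_target, real_root, n) == 0 &&
           (real_target[n] == '/' || real_target[n] == '\0');
}

/* Builds a constructed sandbox: <tmp>/root/ok.txt, <tmp>/secret.txt and a
 * symlink <tmp>/root/link -> <tmp>. Returns 0 on success. */
int make_sandbox(char *root_out, size_t len) {
    char tmpl[] = "/tmp/pwdemoXXXXXX", path[PATH_MAX];
    if (!mkdtemp(tmpl)) return -1;
    snprintf(root_out, len, "%s/root", tmpl);
    if (mkdir(root_out, 0700)) return -1;
    snprintf(path, sizeof path, "%s/ok.txt", root_out);
    FILE *f = fopen(path, "w"); if (!f) return -1; fclose(f);
    snprintf(path, sizeof path, "%s/secret.txt", tmpl);
    f = fopen(path, "w"); if (!f) return -1; fclose(f);
    snprintf(path, sizeof path, "%s/link", root_out);
    return symlink(tmpl, path);
}

int main(void) {
    char root[PATH_MAX];
    if (make_sandbox(root, sizeof root)) return 1;
    printf("naive=%d resolved=%d in-root=%d\n", naive_allowed(root, "link/secret.txt"),
           resolved_allowed(root, "link/secret.txt"), resolved_allowed(root, "ok.txt"));
    return 0;
}
```

A check like this still leaves a window between validation and use; opening the file first and validating the opened descriptor's path, or using `openat` with no-follow semantics per component, closes it.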
Lantronix fixed these issues as part of a patch in version 9.10.0.0R4. We are disclosing these vulnerabilities in adherence to Cisco’s vulnerability disclosure policy.
The following SNORT® rules will detect exploitation attempts against these vulnerabilities: 57753 - 57759, 57764 - 57769, 57777 - 57779, 57783, 57784, 57796, 57800, 57801, 57805, 57806, 57792 - 57795. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.