{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T15:17:43.556","vulnerabilities":[{"cve":{"id":"CVE-2021-21895","sourceIdentifier":"talos-cna@cisco.com","published":"2021-12-22T19:15:09.557","lastModified":"2024-11-21T05:49:11.853","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability."},{"lang":"es","value":"Se presenta una vulnerabilidad de salto de directorio en la funcionalidad FsTFtp del Administrador Web de Lantronix PremierWave versión 2050 8.9.0.0R4 (en QEMU). Una petición HTTP especialmente diseñada puede conllevar la sobreescritura de archivos FsTFtp. Un atacante puede realizar una petición HTTP autenticada para desencadenar esta vulnerabilidad"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lantronix:premierwave_2050_firmware:8.9.0.0:r4:*:*:*:*:*:*","matchCriteriaId":"C0160E0B-2A30-4E5C-BC9D-FB059D24BB93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lantronix:premierwave_2050:-:*:*:*:*:*:*:*","matchCriteriaId":"18D68E19-E0E6-4102-A973-814686E4EC82"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1337","source":"talos-cna@cisco.com","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1337","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}}]}