Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 (QEMU) Web Manager FsTFtp Functionality

CVE-2021-21894 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Learn more about our Web App Pen Testing.