CVE-2021-21894

9.1 CRITICAL

📋 TL;DR

This CVE describes an authenticated directory traversal vulnerability in Lantronix PremierWave 2050's Web Manager FsTFtp functionality. An attacker with valid credentials can exploit this to read or overwrite arbitrary files on the system. This affects Lantronix PremierWave 2050 devices running version 8.9.0.0R4 in QEMU environments.

💻 Affected Systems

Products:
  • Lantronix PremierWave 2050
Versions: 8.9.0.0R4
Operating Systems: QEMU
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Web Manager interface. The vulnerability exists specifically in the FsTFtp functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through arbitrary file overwrite leading to remote code execution, configuration tampering, or credential theft.

🟠 Likely Case

Unauthorized file access leading to sensitive information disclosure, configuration manipulation, or denial of service through critical file corruption.

🟢 If Mitigated

Limited impact if proper network segmentation, authentication controls, and file system permissions are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid authentication credentials but uses simple directory traversal techniques once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Lantronix for updated firmware

Vendor Advisory: https://www.lantronix.com/support/security-advisories/

Restart Required: Yes

Instructions:

1. Contact Lantronix support for latest firmware.
2. Backup current configuration.
3. Apply firmware update via Web Manager or console.
4. Reboot device.
5. Verify update applied successfully.

🔧 Temporary Workarounds

  • Disable Web Manager FsTFtp (all): Disable the vulnerable FsTFtp functionality if not required for operations
  • Network Segmentation (all): Restrict access to Web Manager interface to trusted networks only

🧯 If You Can't Patch

  • Implement strict network access controls to limit Web Manager access to authorized IPs only
  • Enforce strong authentication policies and consider multi-factor authentication

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via Web Manager interface or console. If running 8.9.0.0R4, device is vulnerable.

Check Version:

Check via Web Manager interface or use console command specific to Lantronix devices

Verify Fix Applied:

Verify firmware version has been updated to a version later than 8.9.0.0R4

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Web Manager logs
  • Multiple failed authentication attempts followed by successful login and file operations

Network Indicators:

  • HTTP requests to Web Manager with directory traversal patterns (../ sequences)
  • Unusual file transfer activity via Web Manager interface

SIEM Query:

source="lantronix_web_manager" AND (uri="*../*" OR action="file_access")
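
The log and network indicators above, sketched as an added detection example (not part of the original advisory or any Lantronix tooling). A literal `../` match misses percent-encoded and double-encoded forms, so this decodes repeatedly before checking, and raises severity when the source logged in after repeated failures. The log format, event names and `/placeholder` path are constructed assumptions; adapt the parsing to what your Web Manager logs actually contain.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# A ".." path segment bounded by a separator; "release..notes" does not match.
DOTDOT = re.compile(r"(?:^|[/\\=&?])\.\.(?:[/\\]|$)")

def has_traversal(uri: str, max_rounds: int = 3) -> bool:
    """True if the URI holds a '..' segment, raw or after repeated percent-decoding."""
    for _ in range(max_rounds + 1):
        if DOTDOT.search(uri):
            return True
        decoded = unquote(uri)
        if decoded == uri:
            break  # nothing left to decode
        uri = decoded
    return False

# Constructed sample log, hypothetical format: timestamp source event uri
SAMPLE_LOG = """\
2021-01-01T10:00:01Z 192.0.2.10 LOGIN_FAIL -
2021-01-01T10:00:03Z 192.0.2.10 LOGIN_FAIL -
2021-01-01T10:00:05Z 192.0.2.10 LOGIN_FAIL -
2021-01-01T10:00:09Z 192.0.2.10 LOGIN_OK -
2021-01-01T10:00:12Z 192.0.2.10 FILE_OP /placeholder?path=%252e%252e%252fexample.conf
2021-01-01T10:05:00Z 192.0.2.20 LOGIN_OK -
2021-01-01T10:05:04Z 192.0.2.20 FILE_OP /placeholder?path=logs/release..notes.txt
2021-01-01T10:06:00Z 192.0.2.20 FILE_OP /placeholder?path=..%5c..%5cexample.conf
"""

def detect(log_text: str, fail_threshold: int = 3):
    """Return (source, uri, severity) for each file operation with traversal."""
    fails = defaultdict(int)   # consecutive failed logins per source
    brute_then_ok = set()      # sources whose login followed >= threshold failures
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, src, event, uri = parts
        if event == "LOGIN_FAIL":
            fails[src] += 1
        elif event == "LOGIN_OK":
            if fails[src] >= fail_threshold:
                brute_then_ok.add(src)
            fails[src] = 0
        elif event == "FILE_OP" and has_traversal(uri):
            severity = "high" if src in brute_then_ok else "medium"
            alerts.append((src, uri, severity))
    return alerts
```
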
