CVE-2021-21882
Description
An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated attacker can inject arbitrary OS commands via an unsanitized path parameter in the FsUnmount function of Lantronix PremierWave 2050 Web Manager, leading to root-level command execution.
Vulnerability
An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 firmware version 8.9.0.0R4 [1]. The FsUnmount AJAX handler constructs system calls to /sbin/ltrx_usb_umount and mount using the unsanitized path HTTP parameter. The parameter is concatenated with a prefix and passed to sprintf_malloc to build a command string, which is then executed via exec_system_cmd with root privileges [1]. The vulnerable code path is reachable after successful authentication with a low-privileged account [1].
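The hardened counterpart of the pattern described above, as an added example (not Lantronix firmware code and not taken from the advisory). It validates the path value against an allowlist and runs the helper through an argv array instead of a shell command string. The function names, the 64-character limit and the allowed character set are assumptions; only the prefix and helper path come from the text above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MOUNT_PREFIX "/ltrx_user/"            /* prefix named in the text above */
#define UMOUNT_BIN   "/sbin/ltrx_usb_umount"  /* helper named in the text above */

/* Assumed policy: one path component of [A-Za-z0-9_-], 1..64 chars. This
 * rejects quotes, backticks, semicolons, slashes, dots and empty input. */
int is_safe_mount_name(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > 64)
        return 0;
    return strspn(name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "abcdefghijklmnopqrstuvwxyz0123456789_-") == len;
}

/* Build prefix + name; returns 0 on success, -1 if rejected or truncated. */
int build_umount_target(const char *name, char *out, size_t outsz)
{
    if (!is_safe_mount_name(name))
        return -1;
    int n = snprintf(out, outsz, "%s%s", MOUNT_PREFIX, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Run the helper via execv: no shell parses the value, so it stays a single
 * argument. Returns the helper's exit status, or -1 on rejection or error. */
int run_umount(const char *name)
{
    char target[128];
    if (build_umount_target(name, target, sizeof target) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)UMOUNT_BIN, target, NULL };
        execv(UMOUNT_BIN, argv);
        _exit(127);                /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Either control alone closes this path: the allowlist removes shell metacharacters, and the argv-based exec removes the shell.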
Exploitation
An attacker needs authenticated access to the Web Manager interface of the device, but no special administrative privileges are required [1]. The attacker sends a specially crafted HTTP request to the FsUnmount AJAX function, supplying a malicious path parameter containing command shell metacharacters (e.g., backticks or semicolons). The unsanitized path value is embedded in a command string such as /sbin/ltrx_usb_umount '/ltrx_user/', which triggers arbitrary command execution [1].
Impact
Successful exploitation allows an attacker to execute arbitrary OS commands on the device with root privileges [1]. This can lead to full compromise of the device, including data exfiltration, installation of persistent backdoors, denial of service, or pivoting to other network resources. The CVSSv3 score is 9.9 (Critical) due to high impact on confidentiality, integrity, and availability, and because the attack is network-based with low complexity and requires only low privileges [1].
Mitigation
As of the published advisory (TALOS-2021-1326, December 22, 2021), no official patch or firmware update from Lantronix is referenced [1]. Users are advised to restrict network access to the Web Manager interface to trusted administrative networks only, and to monitor for any vendor security updates. The product may be approaching end of life, but no EOL statement is provided in the available references [1]. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the current date.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Lantronix/PremierWave 2050
- Range: =8.9.0.0R4
Patches
No patches discovered yet.
References
- [1] talosintelligence.com/vulnerability_reports/TALOS-2021-1326 (mitre, x_refsource_MISC)