VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 24, 2022· Updated May 7, 2025

spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows

CVE-2021-26727

Description

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple command injection and stack buffer overflow vulnerabilities in spx_restservice's SubNet_handler_func allow unauthenticated remote attackers to execute arbitrary code as root on Lanner IAC-AST2500A BMC.

Vulnerability

The vulnerability resides in the SubNet_handler_func function of spx_restservice, a component of the AMI MegaRAC SP-X based BMC firmware. Improper input validation leads to multiple command injections and stack-based buffer overflows. Affects Lanner IAC-AST2500A standard firmware version 1.10.0 [1][2]. The code path is reachable over the network without authentication.

Exploitation

An unauthenticated remote attacker can send crafted network requests to the spx_restservice endpoint. By manipulating input parameters, the attacker can trigger command injection or stack buffer overflow, achieving arbitrary code execution. No user interaction is required [1][2].

Impact

Successful exploitation results in arbitrary code execution with root privileges on the BMC. This compromises the entire BMC, potentially allowing the attacker to also compromise the managed host [1][2].

Mitigation

Lanner provides updated BMC firmware versions that fix the issue; contact Lanner technical support for the updated firmware [2]. No workaround is disclosed. The CVE is not listed in the CISA Known Exploited Vulnerabilities Catalog.

References
  1. Vulnerabilities in BMC Firmware Affect OT/IoT Device Security – Part 1
  2. CVE-2021-26727 | Nozomi Networks Labs

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.