spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow
Description
A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in Lanner IAC-AST2500A firmware allows unauthenticated remote code execution as root on the BMC, compromising the managed host.
Vulnerability
A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This affects Lanner Inc IAC-AST2500A standard firmware version 1.10.0. [1][2]
Exploitation
An unauthenticated remote attacker can trigger the overflow by sending a specially crafted request to the service. No authentication or user interaction is required. [2]
Impact
Successful exploitation results in arbitrary code execution with root privileges on the BMC, potentially allowing the attacker to compromise the managed host. [2]
Mitigation
Updated BMC firmware versions that fix the issue are available from Lanner technical support. [2]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: = 1.10.0
- (no CPE) range: 1.10.0
Patches
No patches discovered yet.