This blog post discusses a critical security issue affecting Lanner Inc.'s IAC-AST250A Integrated Automation Computer, specifically its standard firmware version 1.10.. The vulnerability, tracked as CVE-2021-26732, is a broken access control flaw in the implementation of the First_network_func function of the spx_restservice. It allows an attacker to arbitrarily change the network configuration of the Baseboard Management Controller (BMC) and potentially compromise the entire system.

Overview of IAC-AST250A

The Lanner Inc. IAC-AST250A is an Integrated Automation Computer that combines hardware and software to provide users with a robust and scalable automation system. The device ships with Lanner's standard firmware version 1.10., which contains a security vulnerability in the implementation of the First_network_func function of its spx_restservice.

What is the CVE-2021-26732 Vulnerability?

CVE-2021-26732 is a broken access control vulnerability in the First_network_func function of the BMC's spx_restservice. Due to improper access controls, an attacker can arbitrarily change the network configuration of the BMC. This can lead to a range of malicious activities, including unauthorized access to the system, leakage of sensitive information, or complete system compromise.

Exploit Details

The vulnerable code can be found in the implementation of the First_network_func() function. An example of the code snippet is shown below:

#include <string.h>

int First_network_func(char *buf, const char *mac, const char *ip)
{
       /* No destination size is passed in, so neither copy can be bounded. */
       strcpy(buf, mac);
       strcpy(buf + strlen(mac), ip);
       return 0;  // Success
}

As shown in the code snippet, the function receives the pointers to the mac and ip addresses and then copies the data into the provided buffer without checking the buffer's size. Consequently, a buffer overflow can occur, which can be exploited by an attacker to overwrite adjacent memory, leading to arbitrary code execution or system crash.
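For contrast with the snippet above, here is a bounded version of the same copy. It is an added example, not Lanner's code or the vendor's patch: the name first_network_func_checked, the extra buf_size parameter, the result codes and the field limits are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum { NET_OK = 0, NET_EINVAL = -1, NET_ETOOLONG = -2 };

/* Assumed field limits: "aa:bb:cc:dd:ee:ff" and "255.255.255.255". */
#define MAC_MAX_LEN 17
#define IP_MAX_LEN  15

/* Length of s, reading at most cap bytes (returns cap if no NUL is found). */
static size_t bounded_len(const char *s, size_t cap)
{
    const char *end = memchr(s, '\0', cap);
    return end ? (size_t)(end - s) : cap;
}

/* Bounded counterpart of First_network_func: the caller states the
 * destination capacity, and buf is left untouched unless everything fits. */
int first_network_func_checked(char *buf, size_t buf_size,
                               const char *mac, const char *ip)
{
    if (buf == NULL || buf_size == 0 || mac == NULL || ip == NULL)
        return NET_EINVAL;

    size_t mac_len = bounded_len(mac, MAC_MAX_LEN + 1);
    size_t ip_len  = bounded_len(ip, IP_MAX_LEN + 1);
    if (mac_len > MAC_MAX_LEN || ip_len > IP_MAX_LEN)
        return NET_ETOOLONG;              /* oversized field: reject */
    if (mac_len + ip_len + 1 > buf_size)  /* small values, sum cannot wrap */
        return NET_ETOOLONG;

    memcpy(buf, mac, mac_len);
    memcpy(buf + mac_len, ip, ip_len);
    buf[mac_len + ip_len] = '\0';
    return NET_OK;
}

int main(void)
{
    char buf[16];  /* constructed sample: too small for MAC + IP */
    int rc = first_network_func_checked(buf, sizeof buf,
                                        "00:11:22:33:44:55", "192.0.2.10");
    printf("rc=%d\n", rc);
    return 0;
}
```

Rejecting oversized input before any write, instead of truncating it, keeps a malformed request from silently producing a different network configuration than the one submitted.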

How to mitigate CVE-2021-26732

Lanner Inc. has acknowledged the vulnerability and recommends updating the firmware to version 1.10.1, which contains the necessary security patches. The latest firmware can be downloaded from their official website: Lanner Inc Firmware Downloads

Conclusion

It is crucial to keep up to date with the latest firmware releases to ensure your devices remain secure from potential threats. The CVE-2021-26732 vulnerability is just one example of how seemingly simple coding errors can lead to severe security risks. As a user, it's essential to stay vigilant and consistently update your systems with the latest patches to minimize potential attack vectors. Manufacturers should also be aware of these risks and apply secure coding practices in their products to minimize vulnerabilities in their software.

Additionally, we recommend referring to the following resources for more information on this vulnerability:

1. NIST NVD (National Vulnerability Database): CVE-2021-26732
2. Lanner Inc's official website: Lanner Inc
3. OWASP (Open Web Application Security Project) Top Ten Project, which outlines common vulnerabilities and secure coding practices: OWASP Top Ten Project

Stay secure and keep your devices up-to-date to defend against ever-evolving cyber threats.

Timeline

Published on: 10/24/2022 14:15:00 UTC
Last modified on: 10/24/2022 18:19:00 UTC