CVE-2021-4228

High

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the…

Nozomi·CWE-321·Published 2022-10-24

CVSS

7.4

EPSS

0.10

KEV

Exploits

cve.orgen

231 chars

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.

NVDen

231 chars

NVDes

249 chars

Un uso del certificado TLS embebido por defecto permite a un atacante llevar a cabo ataques de tipo Man-in-the-Middle (MitM) incluso en presencia de la conexión HTTPS. Este problema afecta: Lanner Inc IAC-AST2500A versión de firmware estándar 1.00.0

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L