CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-4228 – Hard-coded TLS Certificate
https://notcve.org/view.php?id=CVE-2021-4228
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. Un uso del certificado TLS embebido por defecto permite a un atacante llevar a cabo ataques de tipo Man-in-the-Middle (MitM) incluso en presencia de la conexión HTTPS. Este problema afecta: Lanner Inc IAC-AST2500A versión de firmware estándar 1.00.0 • https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1 https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-4228 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •