{"id":"CVE-2021-26732","details":"A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.","modified":"2026-05-04T08:33:59.663857Z","published":"2022-10-24T14:15:48.360Z","withdrawn":"2026-05-04T08:33:59.663857Z","references":[{"type":"ADVISORY","url":"https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26732/"},{"type":"ADVISORY","url":"https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26732.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}