CVE-2021-44776: CWE-284 Improper Access Control in Lanner Inc IAC-AST2500A
A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
AI Analysis
Technical Summary
CVE-2021-44776 is a medium-severity vulnerability classified under CWE-284 (Improper Access Control) in the Lanner Inc IAC-AST2500A running standard firmware version 1.10.0. The flaw lies in the SubNet_handler_func function of the spx_restservice component, the device's REST management service. Because the handler does not properly enforce access control, an attacker who can reach the service can arbitrarily change the security access rights for the KVM (keyboard, video, mouse) and Virtual Media features, which are the remote-management paths into the managed host. The CVSS v3.1 base score is 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L): reachable over the network, low attack complexity, no privileges and no user interaction required, unchanged scope, no direct confidentiality impact, and low integrity and availability impact. In practice the attacker can rewrite who is allowed to use KVM and Virtual Media, either granting access that should not exist or revoking access from legitimate administrators, without first authenticating; the score does not assume any privilege escalation on the part of the attacker, only that the rights table can be changed. No public exploit is known in the wild and no patch is listed on this page, so affected organizations should prioritize compensating controls and monitoring. Devices whose management interface is reachable from untrusted networks carry the greatest risk.
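The pattern behind a CWE-284 flaw of this kind, as an added illustration that is not spx_restservice code and not taken from Lanner's or AMI's firmware: a hypothetical rights-change handler is shown first with the gap (it acts on the request body without ever checking who sent it) and then hardened. The function names, the request layout, the privilege names and the sample user table are all assumptions made for the example.

```python
"""Hypothetical BMC REST handler that changes a user's KVM / Virtual Media
access rights, shown as a vulnerable and a hardened version.  Added example:
this is not spx_restservice code; the function names, request layout, privilege
names and the sample user table are assumptions made for the illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ADMIN = "administrator"            # assumed privilege level name
RIGHT_KEYS = ("kvm", "vmedia")     # the two rights the advisory is about


@dataclass
class Session:
    user: str
    privilege: str                 # ADMIN or "user"


@dataclass
class Request:
    body: Dict[str, object]
    session: Optional[Session] = None   # None: the caller never logged in


@dataclass
class Bmc:
    # Constructed sample state: the per-user rights table the handler edits.
    rights: Dict[str, Dict[str, bool]] = field(default_factory=lambda: {
        "admin": {"kvm": True, "vmedia": True},
        "operator": {"kvm": False, "vmedia": False},
    })
    audit: List[str] = field(default_factory=list)


def vulnerable_set_rights(bmc: Bmc, req: Request) -> Tuple[int, str]:
    """CWE-284 pattern: acts on the request body without asking who sent it.
    Any network peer can grant or revoke KVM / Virtual Media rights for any user."""
    target = str(req.body["user"])
    for key in RIGHT_KEYS:
        if key in req.body:
            bmc.rights[target][key] = bool(req.body[key])
    return 200, "ok"


def hardened_set_rights(bmc: Bmc, req: Request) -> Tuple[int, str]:
    """Authenticate, authorize, validate, then act, and record every decision."""
    if req.session is None:
        bmc.audit.append("DENY unauthenticated rights change")
        return 401, "authentication required"
    if req.session.privilege != ADMIN:
        bmc.audit.append(f"DENY {req.session.user} lacks {ADMIN}")
        return 403, "administrator privilege required"
    # Only an authenticated administrator gets this far, so nothing about the
    # user table or the schema is revealed to anonymous or low-privilege callers.
    unexpected = set(req.body) - {"user", *RIGHT_KEYS}
    if unexpected:
        return 400, "unexpected field(s): " + ", ".join(sorted(unexpected))
    target = req.body.get("user")
    if target not in bmc.rights:
        return 404, "unknown user"
    for key in RIGHT_KEYS:
        if key in req.body and not isinstance(req.body[key], bool):
            return 400, f"{key} must be a boolean"
    for key in RIGHT_KEYS:
        if key in req.body:
            bmc.rights[target][key] = req.body[key]
    bmc.audit.append(
        f"ALLOW {req.session.user} set {target} rights to {bmc.rights[target]}")
    return 200, "ok"
```

The order of the checks in the hardened version matters: authentication is decided before authorization, and authorization before the body is inspected, so an unauthenticated caller cannot probe which users exist or which fields the handler accepts, and every denied attempt lands in the audit trail.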
Potential Impact
For European organizations running the Lanner IAC-AST2500A, the exposure is loss of control over the remote-management path into the host. An attacker who can reach spx_restservice can grant KVM and Virtual Media access that should not exist or revoke it from legitimate administrators, which is what the low integrity and low availability impact in the CVSS vector describes. The vector records no direct confidentiality impact: data theft or delivery of a malicious boot image would come from follow-on use of the KVM console or Virtual Media once access has been obtained, not from the rights change itself. Because those features exist precisely for out-of-band troubleshooting and maintenance, that follow-on access is what an intruder wants for lateral movement and persistence. Sectors that rely on these boards for infrastructure management, such as telecommunications, manufacturing and other critical infrastructure, face operational disruption if administrators are locked out or hosts are tampered with. Since no authentication or user interaction is required, automated scanning and exploitation are plausible against any device whose management interface is Internet-facing or not segmented from general-purpose networks, with knock-on effects on service continuity and supply chains.
Mitigation Recommendations
Start by inventorying IAC-AST2500A deployments and reading the firmware version from each device. Anything on standard firmware 1.10.0 is affected, and because this page lists no patch, ask Lanner support for fixed firmware or a vendor workaround. Until one is installed, treat the management interface as attacker-reachable whenever it is reachable at all: place the devices on a dedicated out-of-band management VLAN, reach them only through a VPN or jump host, and apply firewall rules that allow inbound connections to the management port only from a short list of administrator addresses; never expose the interface to the Internet. Disable KVM and Virtual Media where they are not needed, which removes the asset the flaw controls. Because the effect of exploitation is a silent change of access rights, compare the configured KVM and Virtual Media rights against a known-good baseline on a schedule and alert on any drift. Enable and forward the device's web-service and session logs, and alert on requests to spx_restservice that change access rights, especially from sources outside the management network or without an authenticated session; IDS/IPS rules keyed to the same pattern provide a second view from the network. Finally, include these devices in regular vulnerability scanning and penetration testing to confirm the exposure is closed and the network controls hold.
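The log-side check recommended above, as an added example that is not part of the original advisory and not derived from the device's real log format: a small detection pass over BMC web-access log lines that flags successful rights changes made without an authenticated session, records every rights change for audit, and flags any request from outside the management networks. The line format, the endpoint path (RIGHTS_PATH), the management subnets and the sample log are all constructed for the illustration; substitute the real endpoint and networks from your own device and logging pipeline.

```python
"""Detection pass over BMC web-access logs for attempts to change KVM /
Virtual Media rights.  Added example: the log format, the endpoint path, the
management subnets and the sample lines are constructed for this illustration
and are not taken from the product."""
import ipaddress
import re
from typing import List, Tuple

# Hypothetical REST path under which access rights are changed on the BMC.
RIGHTS_PATH = "/api/settings/access-rights"
# Assumed management networks from which administrators reach the BMC.
MGMT_NETS = [ipaddress.ip_network("10.0.5.0/24"),
             ipaddress.ip_network("192.168.100.0/24")]

# Hypothetical access-log line layout used by the constructed sample below.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"method=(?P<method>[A-Z]+) path=(?P<path>\S+) status=(?P<status>\d{3})$"
)

# Constructed sample log: one legitimate admin change, one unauthenticated
# change from an outside address followed by a media mount, one rejected
# attempt by a low-privilege user.
SAMPLE_LOG = """\
2025-05-21T09:08:42Z src=10.0.5.23 user=admin method=GET path=/api/kvm/status status=200
2025-05-21T09:09:10Z src=10.0.5.23 user=admin method=POST path=/api/settings/access-rights status=200
2025-05-21T09:12:01Z src=198.51.100.7 user=- method=POST path=/api/settings/access-rights status=200
2025-05-21T09:12:05Z src=198.51.100.7 user=- method=POST path=/api/vmedia/mount status=200
2025-05-21T09:13:00Z src=10.0.5.40 user=operator method=POST path=/api/settings/access-rights status=403
"""


def in_mgmt_net(src: str) -> bool:
    """True if src parses as an IP address inside one of the management networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETS)


def analyse(log_text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; severity is 'high', 'medium' or 'info'."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            findings.append(("info", f"unparsed line: {line!r}"))
            continue
        f = m.groupdict()
        succeeded = f["status"].startswith("2")
        rights_change = (f["path"] == RIGHTS_PATH
                         and f["method"] in ("POST", "PUT", "PATCH"))
        if rights_change and f["user"] == "-" and succeeded:
            # The signature of the flaw: rights changed with no session at all.
            findings.append(("high",
                f"{f['ts']} unauthenticated rights change from {f['src']} succeeded"))
        elif rights_change and succeeded:
            # Legitimate or not, every rights change deserves a review entry.
            findings.append(("medium",
                f"{f['ts']} rights changed by {f['user']} from {f['src']}"))
        elif rights_change:
            findings.append(("info",
                f"{f['ts']} rights change by {f['user']} from {f['src']} "
                f"rejected ({f['status']})"))
        if not in_mgmt_net(f["src"]):
            # Any traffic from outside the management networks is a control failure.
            findings.append(("medium",
                f"{f['ts']} request from non-management source {f['src']} to {f['path']}"))
    return findings


if __name__ == "__main__":
    for severity, message in analyse(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

The two rules work independently on purpose: the rights-change rule catches exploitation regardless of where it came from, and the source-network rule catches a segmentation failure even before anything is exploited. In a real pipeline the "medium" rights-change events are the input to the baseline comparison described above, since they identify exactly when and by whom the KVM and Virtual Media rights last moved.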
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Nozomi
- Date Reserved: 2022-05-13T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981ac4522896dcbd96b1
Added to database: 5/21/2025, 9:08:42 AM
Last enriched: 7/5/2025, 12:57:25 PM
Last updated: 2/4/2026, 7:26:46 AM