Lantronix: Security Vulnerabilities
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.004
Published
2021-12-22
Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.007
Published
2021-12-22
Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.007
Published
2021-12-22
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
CVSS Score
4.9
EPSS Score
0.003
Published
2021-12-22
A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.004
Published
2021-12-22
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
4.8
EPSS Score
0.001
Published
2020-12-18
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
CVSS Score
3.1
EPSS Score
0.003
Published
2020-12-18
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.
CVSS Score
6.1
EPSS Score
0.059
Published
2019-05-02
Baseon Lantronix MSS devices do not require a password for TELNET access.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-06-28
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.009
Published
2016-05-14