Lantronix: Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-11-20
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
CVSS Score
10.0
EPSS Score
0.038
Published
2014-11-20
Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap.
CVSS Score
7.8
EPSS Score
0.005
Published
2009-09-10
Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
3.3
EPSS Score
0.002
Published
2007-11-15
Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-07-11
Page 4