Lantronix: Security Vulnerabilities
Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.028
Published
2021-12-22
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
CVSS Score
4.9
EPSS Score
0.003
Published
2021-12-22
A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.007
Published
2021-12-22
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
4.8
EPSS Score
0.001
Published
2020-12-18
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
CVSS Score
3.1
EPSS Score
0.007
Published
2020-12-18
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.
CVSS Score
6.1
EPSS Score
0.018
Published
2019-05-02
Baseon Lantronix MSS devices do not require a password for TELNET access.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-06-28
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2016-05-14
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-11-20
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
CVSS Score
10.0
EPSS Score
0.036
Published
2014-11-20