19 matches found
EUVD-2020-5775
Malware in sbrugna...
CVE-2020-13527
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
Lantronix Xport Encryption Issue Vulnerability
Lantronix Xport Edge is a hardware device from Lantronix, Inc. that enables Ethernet connectivity and control of industrial equipment. A security vulnerability exists in Lantronix Xport version 2.0.0.13, which is caused by sending weakly encoded credentials in the web request header...
CVE-2020-13527
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-13528
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerabilit...
CVE-2020-13527
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-13528
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerabilit...
Authentication flaw
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
Information disclosure
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerabilit...
CVE-2020-13528
Lantronix XPort EDGE Web Manager and telnet CLI expose sensitive information in cleartext over the network. Specifically, TLS private keys and AES encryption/decryption keys may be transmitted in cleartext during configuration, allowing an attacker who can sniff traffic to capture keys and potent...
CVE-2020-13527
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-13527
CVE-2020-13527 affects Lantronix XPort EDGE Web Manager, with authenticated session handling flaws that can lead to privilege escalation. A GET request to Web Manager could set a user session with elevated rights, enabling later requests to modify configuration (e.g., enabling/disabling services,...
PT-2020-13604 · Lantronix · Xport Edge
Name of the Vulnerable Software and Affected Versions: Lantronix XPort EDGE versions 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12, 4.2.0.0R7 Description: An authentication bypass issue exists in the Web Manager functionality. A specially crafted HTTP request can cause increased privileges. An attacker can...
PT-2020-13605 · Lantronix · Xport Edge
Name of the Vulnerable Software and Affected Versions: Lantronix XPort EDGE versions 3.0.0.0R11 through 4.2.0.0R7 Description: An information disclosure issue exists in the Web Manager and telnet CLI functionality. A specially crafted HTTP request can cause information disclosure. An attacker can...
Vulnerability Spotlight: Two vulnerabilities in Lantronix XPort EDGE
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered two vulnerabilities in the Web Manager functionality of Lantronix XPort EDGE. The XPort EDGE is a next-generation wired Ethernet gateway for providing secure...
Lantronix Xport Edge Cross-Site Request Forgery Vulnerability
Lantronix Xport Edge is a hardware device from Lantronix, Inc. that enables industrial equipment to have Ethernet connectivity and control. The Lantronix XPort EDGE suffers from a cross-site request forgery vulnerability that originates from an authentication bypass vulnerability in the Web Manag...
Lantronix XPort EDGE Web Manager and telnet CLI cleartext transmission of sensitive information vulnerability
Summary An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this...
Lantronix XPort EDGE Web Manager CSRF vulnerability
Summary An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Test...
Lantronix Xport Edge Security Vulnerability
Lantronix Xport Edge is a hardware device from Lantronix USA that supports industrial equipment with Ethernet connectivity and control capabilities. A security vulnerability exists in the Lantronix XPort EDGE that originates from a specially crafted HTTP request that could lead to information...