An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 22.214.171.124R11, 126.96.36.199R9, 188.8.131.52R12 and 184.108.40.206R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Lantronix XPort EDGE 220.127.116.11R11
Lantronix XPort EDGE 18.104.22.168R9
Lantronix XPort EDGE 22.214.171.124R12
Lantronix XPort EDGE 126.96.36.199R7
Lantronix SGX 5150 188.8.131.52R1
Lantronix SGX 5150 184.108.40.206R4
4.8 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
CWE-352 - Cross-Site Request Forgery (CSRF)
The XPort EDGE is a next-generation wired Ethernet gateway for providing secure Ethernet connectivity to serial devices.
A GET request to the XPort EDGE Web Manager application with a valid username and password will cause a session to be set for that user. Any subsequent requests made by the user’s browser will be granted the same privileges as the original authenticated GET request. An attacker could craft a malicious web page that submits a POST request which would allow an attacker to modify configuration data. Some examples of configuration changes that could be made by an attacker include, enabling or disabling services such as telnet, modification of user credentials, and modifying the serial line configuration. This attack could result in denying access to legitimate users, allowing the attacker to further configure the device through the telnet service, or denying access to the serial line data.
2020-08-10 - Vendor Disclosure
2020-12-16 - Public Release
Discovered by Kelly Leuschner of Cisco Talos.