CVE-2020-13527
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Lantronix XPort EDGE 3.0.0.0R11
Lantronix XPort EDGE 3.1.0.0R9
Lantronix XPort EDGE 3.4.0.0R12
Lantronix XPort EDGE 4.2.0.0R7
Lantronix SGX 5150 8.7.0.0R1
Lantronix SGX 5150 8.9.0.0R4
https://www.lantronix.com/products/xport-edge/
4.8 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
CWE-352 - Cross-Site Request Forgery (CSRF)
The XPort EDGE is a next-generation wired Ethernet gateway for providing secure Ethernet connectivity to serial devices.
A GET request to the XPort EDGE Web Manager application with a valid username and password will cause a session to be set for that user. Any subsequent requests made by the user’s browser will be granted the same privileges as the original authenticated GET request. An attacker could craft a malicious web page that submits a POST request which would allow an attacker to modify configuration data. Some examples of configuration changes that could be made by an attacker include, enabling or disabling services such as telnet, modification of user credentials, and modifying the serial line configuration. This attack could result in denying access to legitimate users, allowing the attacker to further configure the device through the telnet service, or denying access to the serial line data.
2020-08-10 - Vendor Disclosure
2020-12-16 - Public Release
Discovered by Kelly Leuschner of Cisco Talos.