Talos Vulnerability Report

TALOS-2020-1136

Lantronix XPort EDGE Web Manager and telnet CLI cleartext transmission of sensitive information vulnerability

December 16, 2020
CVE Number

CVE-2020-13528

Summary

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.

Tested Versions

Lantronix XPort EDGE 3.0.0.0R11
Lantronix XPort EDGE 3.1.0.0R9
Lantronix XPort EDGE 3.4.0.0R12
Lantronix XPort EDGE 4.2.0.0R7

Product URLs

https://www.lantronix.com/products/xport-edge/

CVSSv3 Score

3.1 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

Details

The XPort EDGE is a next-generation wired Ethernet gateway for providing secure Ethernet connectivity to serial devices.

When configuring secure credentials for the Lantronix XPort EDGE, TLS private keys and AES encryption and decryption keys are transmitted in cleartext over the network. An attacker can sniff the network communications during configuration and capture these keys. The attacker would then have the ability to man in the middle encrypted communications using these keys.

Timeline

2020-08-10 - Vendor Disclosure
2020-12-16 - Public Release

Credit

Discovered by Kelly Leuschner of Cisco Talos.