PT-2020-13604 · Lantronix · Xport Edge
Published: 2020-12-17 · Updated: 2022-10-07 · CVE-2020-13527
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Lantronix XPort EDGE versions 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12, 4.2.0.0R7
Description
An authentication bypass issue exists in the Web Manager functionality. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this issue.
Recommendations
For versions 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12, and 4.2.0.0R7, consider restricting access to the Web Manager functionality until a patch is available.
As a temporary workaround, consider disabling the Web Manager functionality to minimize the risk of exploitation.
Avoid using the Web Manager functionality until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Xport Edge