Описание
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:lantronix:xport_edge_firmware:3.0.0.0:r11:*:*:*:*:*:*
cpe:2.3:o:lantronix:xport_edge_firmware:3.1.0.0:r9:*:*:*:*:*:*
cpe:2.3:o:lantronix:xport_edge_firmware:3.4.0.0:r12:*:*:*:*:*:*
cpe:2.3:o:lantronix:xport_edge_firmware:4.2.0.0:r7:*:*:*:*:*:*
cpe:2.3:h:lantronix:xport_edge:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:lantronix:sgx_firmware:8.7.0.0:r1:*:*:*:*:*:*
cpe:2.3:o:lantronix:sgx_firmware:8.9.0.0:r4:*:*:*:*:*:*
cpe:2.3:h:lantronix:sgx:-:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00087
Низкий
4.8 Medium
CVSS3
4.5 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 4.9
github
больше 3 лет назад
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
EPSS
Процентиль: 25%
0.00087
Низкий
4.8 Medium
CVSS3
4.5 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-352
CWE-352