Description
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136
Scores
CVSS v3
5.3
EPSS
0.0293
EPSS Percentile
85.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (4)
lantronix/xport_edge_firmware
3.0.0.0 r11
lantronix/xport_edge_firmware
3.1.0.0 r9
lantronix/xport_edge_firmware
3.4.0.0 r12
lantronix/xport_edge_firmware
4.2.0.0 r7
Published
Dec 18, 2020
Tracked Since
Feb 18, 2026