Summary
Lantronix Device Server is prone to a password disclosure vulnerability.
It was possible to retrieve the setup record from Lantronix devices via the config port (30718/udp, enabled by default) and to extract the telnet/http password.
Solution
Disable access to UDP port 30718.
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C