Lantronix Device Server Password Disclosure Network Vulnerability

Summary

Lantronix Device Server is prone to a Password Disclosure. It was possible to retrieve the setup record from Lantronix devices via the config port (30718/udp, enabled by default) and to extract the telnet/http password.

Solution

Disable access to udp port 30718.

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)

Take action and discover your vulnerabilities