Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Executive summary

Cisco Talos recently discovered two vulnerabilities in the Web Manager functionality of Lantronix XPort EDGE. The XPort EDGE is a next-generation wired Ethernet gateway for providing secure Ethernet connectivity to serial devices. An adversary could send the victim various requests to trigger two vulnerabilities that could later allow them to shut down access to the device and disclose sensitive information.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Lantronix to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Lantronix XPort EDGE Web Manager CSRF vulnerability (TALOS-2020-1135/CVE-2020-13527)

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

For more information on this vulnerability, read the complete advisory here.

Lantronix XPort EDGE Web Manager and telnet CLI cleartext transmission of sensitive information vulnerability (TALOS-2020-1136/CVE-2020-13528)

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.

For more information on this vulnerability, read the complete advisory here.

Versions tested

Talos tested and confirmed that these vulnerabilities affect the Lantronix XPort EDGE, versions 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12, 4.2.0.0R7, as well as the Lantronix SGX 5150, versions 8.7.0.0R1 and 8.9.0.0R4.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 54762, 54763