Vulnerabilities > Lantronix > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2021-21884 OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0
An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4.
network
low complexity
lantronix CWE-78
critical
 9.0
9.0
2021-12-22 CVE-2021-21888 OS Command Injection vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0
An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU).
network
low complexity
lantronix CWE-78
critical
 9.0
9.0
2018-06-28 CVE-2018-12925 Weak Password Requirements vulnerability in Lantronix MSS Firmware
Baseon Lantronix MSS devices do not require a password for TELNET access.
network
low complexity
lantronix CWE-521
critical
 10.0
10
2016-05-14 CVE-2016-4325 Unspecified vulnerability in Lantronix Xprintserver Firmware
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.
network
low complexity
lantronix
critical
 10.0
10
2014-11-20 CVE-2014-9002 Permissions, Privileges, and Access Controls vulnerability in Lantronix Xprintserver
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
network
low complexity
lantronix CWE-264
critical
 10.0
10