Vulnerabilities > Lantronix > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2021-21895 Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU).
network
low complexity
lantronix CWE-22
6.5
6.5
2021-12-22 CVE-2021-21896 Path Traversal vulnerability in Lantronix Premierwave 2050 Firmware 8.9.0.0
A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU).
network
low complexity
lantronix CWE-22
5.5
5.5
2020-12-18 CVE-2020-13528 Cleartext Transmission of Sensitive Information vulnerability in Lantronix Xport Edge Firmware
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7.
network
high complexity
lantronix CWE-319
5.3
5.3
2020-12-18 CVE-2020-13527 Cross-Site Request Forgery (CSRF) vulnerability in Lantronix SGX Firmware and Xport Edge Firmware
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7.
network
low complexity
lantronix CWE-352
4.5
4.5
2019-05-02 CVE-2018-10383 Cross-site Scripting vulnerability in Lantronix Securelinx Spider Firmware
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.
network
lantronix CWE-79
4.3
4.3
2014-11-20 CVE-2014-9003 Cross-Site Request Forgery (CSRF) vulnerability in Lantronix Xprintserver
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.
network
lantronix CWE-352
6.8
6.8
2005-07-11 CVE-2005-2189 Information Disclosure vulnerability in Lantronix Securelinx 2.0/3.0
Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.
network
low complexity
lantronix
5.0
5.0