|Number of vulnerabilities||1|
|CWE ID|| CWE-200
|Public exploit||Not available|
Lantronix Device Server
|Vulnerable software versions||
Lantronix Device Server 188.8.131.52
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to the module retrieves the setup record from Lantronix serial-to-ethernet devices via the config port (30718/udp, enabled by default) and extracts the telnet password. A remote attacker can sending a specially crafted request to port 30718, obtain these passwords and perform further attacks.
Cybersecurity Help is currently unaware of any solution addressing the vulnerability.External links