Talos Vulnerability Report

TALOS-2020-1135

Lantronix XPort EDGE Web Manager CSRF vulnerability

December 16, 2020
CVE Number

CVE-2020-13527

Summary

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

Tested Versions

Lantronix XPort EDGE 3.0.0.0R11
Lantronix XPort EDGE 3.1.0.0R9
Lantronix XPort EDGE 3.4.0.0R12
Lantronix XPort EDGE 4.2.0.0R7
Lantronix SGX 5150 8.7.0.0R1
Lantronix SGX 5150 8.9.0.0R4

Product URLs

https://www.lantronix.com/products/xport-edge/

CVSSv3 Score

4.8 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Details

The XPort EDGE is a next-generation wired Ethernet gateway for providing secure Ethernet connectivity to serial devices.

A GET request to the XPort EDGE Web Manager application with a valid username and password will cause a session to be set for that user. Any subsequent requests made by the user’s browser will be granted the same privileges as the original authenticated GET request. An attacker could craft a malicious web page that submits a POST request which would allow an attacker to modify configuration data. Some examples of configuration changes that could be made by an attacker include, enabling or disabling services such as telnet, modification of user credentials, and modifying the serial line configuration. This attack could result in denying access to legitimate users, allowing the attacker to further configure the device through the telnet service, or denying access to the serial line data.

Timeline

2020-08-10 - Vendor Disclosure
2020-12-16 - Public Release

Credit

Discovered by Kelly Leuschner of Cisco Talos.