CVE-2020-13527: CSRF
First published: Thu Dec 17 2020(Updated: )
An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lantronix Xport Edge Firmware | =3.0.0.0-r11 | |
| Lantronix Xport Edge Firmware | =3.1.0.0-r9 | |
| Lantronix Xport Edge Firmware | =3.4.0.0-r12 | |
| Lantronix Xport Edge Firmware | =4.2.0.0-r7 | |
| Lantronix XPort EDGE | ||
| Lantronix Sgx Firmware | =8.7.0.0-r1 | |
| Lantronix Sgx Firmware | =8.9.0.0-r4 | |
| Lantronix Sgx |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lantronix
- canonical/lantronix xport edge firmware
- version/lantronix xport edge firmware/3.0.0.0-r11
- version/lantronix xport edge firmware/3.1.0.0-r9
- version/lantronix xport edge firmware/3.4.0.0-r12
- version/lantronix xport edge firmware/4.2.0.0-r7
- canonical/lantronix xport edge
- canonical/lantronix sgx firmware
- version/lantronix sgx firmware/8.7.0.0-r1
- version/lantronix sgx firmware/8.9.0.0-r4
- canonical/lantronix sgx