CVE-2020-13527

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
CSRF
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.5 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N |
| talos | CNA | 4.8 MEDIUM | NETWORK | HIGH | HIGH | CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N |

CVE (ADP): --- ---

EPSS Score percentile: 26%

| Vendor | Product | Version |
|---|---|---|
| lantronix | xport_edge_firmware | 3.0.0.0:r11 |
| lantronix | xport_edge_firmware | 3.1.0.0:r9 |
| lantronix | xport_edge_firmware | 3.4.0.0:r12 |
| lantronix | xport_edge_firmware | 4.2.0.0:r7 |
| lantronix | sgx_firmware | 8.7.0.0:r1 |
| lantronix | sgx_firmware | 8.9.0.0:r4 |

𝑥 = Vulnerable software versions