CVE-2020-13528

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
talosCNA
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
lantronixxport_edge_firmware
3.0.0.0:r11
lantronixxport_edge_firmware
3.1.0.0:r9
lantronixxport_edge_firmware
3.4.0.0:r12
lantronixxport_edge_firmware
4.2.0.0:r7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136