Lantronix XPort 6.10.0.1 - Unauthenticated Access

ID: lantronix-xport-unauth

Severity: high

Author: John Osborn (Summit Security Group,LLC)

Tags: misconfig,tcp,default-login,network

Description

The Lantronix XPort’s telnet service is not configured to require authentication by default.An unauthenticated user can remotely administer the device by hitting ‘Enter’ when prompted by the telnet service.

YAML Source

id: lantronix-xport-unauth

info:
  name: Lantronix XPort 6.10.0.1 - Unauthenticated Access
  author: John Osborn (Summit Security Group,LLC)
  severity: high
  description: |
    The Lantronix XPort's telnet service is not configured to require authentication by default.An unauthenticated user can remotely administer the device by hitting 'Enter' when prompted by the telnet service.
  reference:
    - https://www.lantronix.com/wp-content/uploads/pdf/XPort_UG.pdf
  metadata:
    verified: true
  tags: misconfig,tcp,default-login,network

tcp:
  - inputs:
      - data: "\r\n"
      - read: 2048

    host:
      - "{{Hostname}}"
    port: 9999

    matchers:
      - type: word
        words:
          - "Security"
          - "Expert"
          - "Channel"
          - "ARP cache"
        condition: and
# digest: 4b0a00483046022100ba36c9ca75c5be64d00ee141cc3682a9753c4e07fb51dc8076b86c9355f1fed9022100f1d80753fea187119640c6bd0899e5cceee60c3ec4f03f05e93911b41cfbf7cf:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "network/misconfig/lantronix-xport-unauth.yaml"

View on Github