CVE-2020-13528
Last modified
CVE-2020-13528 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. EPSS estimates a 2.93% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Lantronix | Xport Edge Firmware | 3.0.0.0 | R11 |
| Lantronix | Xport Edge Firmware | 3.1.0.0 | R9 |
| Lantronix | Xport Edge Firmware | 3.4.0.0 | R12 |
| Lantronix | Xport Edge Firmware | 4.2.0.0 | R7 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-13528?
How severe is CVE-2020-13528?
How do I fix CVE-2020-13528?
Are you affected by CVE-2020-13528?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST