Remote Command Execution Flaw in Lantronix xPrintServer
CVE-2014-9002

Currently unrated

Key Information:

Vendor: Lantronix
Status: Xprintserver
Vendor: CVE Published:; 20 November 2014

What is CVE-2014-9002?

The Lantronix xPrintServer features a vulnerability that permits unauthorized access to the 'ips/' directory, allowing remote attackers to execute arbitrary commands through manipulation of the 'c' parameter in the RPC action. This weakness poses a significant risk to users, as it could lead to compromised systems and unauthorized command execution.

References

http://seclists.org/fulldisclosure/2014/Nov/24

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/129091/Lantronix-xPr...

x_refsource_MISC

http://i.imgur.com/gjbZhXZ.png

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2014
Vulnerability Reserved
Nov 19, 2014