Cross-Site Request Forgery Vulnerability in Lantronix xPrintServer
CVE-2014-9003

Currently unrated

Key Information:

Vendor: Lantronix
Status: Xprintserver
Vendor: CVE Published:; 20 November 2014

What is CVE-2014-9003?

The Lantronix xPrintServer has a critical CSRF vulnerability that enables remote attackers to hijack administrator authentication, resulting in unauthorized modifications to configurations. This flaw is exploited by executing arbitrary commands, specifically through manipulation of the 'c' parameter in the rpc action, which can lead to unauthorized control over the device.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98645

vdb-entryx_refsource_XF

http://seclists.org/fulldisclosure/2014/Nov/24

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/129091/Lantronix-xPr...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2014
Vulnerability Reserved
Nov 19, 2014