Search criteria
5 vulnerabilities found for xprintserver by lantronix
VAR-201605-0496
Vulnerability from variot - Updated: 2025-04-12 22:58Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Supplementary information : CWE Vulnerability types by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party, root You may get access. LantronixxPrintServer is a print server from Lantronix. A remote attacker can exploit this vulnerability to gain root privileges. Lantronix xPrintServer is prone to multiple security vulnerabilities. Other attacks are also possible. Lantronix xPrintServer running firmware versions prior to 5.0.1-65 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0496",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xprintserver",
"scope": "lt",
"trust": 1.4,
"vendor": "lantronix",
"version": "5.0.1-65"
},
{
"model": "xprintserver",
"scope": "lte",
"trust": 1.0,
"vendor": "lantronix",
"version": "3.3.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lantronix",
"version": null
},
{
"model": "xprintserver",
"scope": "eq",
"trust": 0.6,
"vendor": "lantronix",
"version": "3.3.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lantronix:xprintserver",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "anonymous",
"sources": [
{
"db": "BID",
"id": "90667"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4325",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4325",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2016-03255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-93144",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4325",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4325",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-4325",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-03255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-391",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93144",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Supplementary information : CWE Vulnerability types by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party, root You may get access. LantronixxPrintServer is a print server from Lantronix. A remote attacker can exploit this vulnerability to gain root privileges. Lantronix xPrintServer is prone to multiple security vulnerabilities. Other attacks are also possible. \nLantronix xPrintServer running firmware versions prior to 5.0.1-65 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4325"
},
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "BID",
"id": "90667"
},
{
"db": "VULHUB",
"id": "VHN-93144"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4325",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#785823",
"trust": 3.9
},
{
"db": "JVN",
"id": "JVNVU93382988",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-03255",
"trust": 0.6
},
{
"db": "BID",
"id": "90667",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-93144",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "BID",
"id": "90667"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"id": "VAR-201605-0496",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
}
]
},
"last_update_date": "2025-04-12T22:58:05.100000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "xPrintServer",
"trust": 0.8,
"url": "http://www.lantronix.com/it-management/xprintserver/xprintserver.html"
},
{
"title": "LantronixxPrintServer Permission to Obtain Vulnerability Patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/76050"
},
{
"title": "Lantronix xPrintServer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61707"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/785823"
},
{
"trust": 0.8,
"url": "http://seclists.org/fulldisclosure/2014/nov/24"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9002"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9003"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4325"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93382988/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4325"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "BID",
"id": "90667"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#785823"
},
{
"date": "2016-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"date": "2016-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93144"
},
{
"date": "2016-05-13T00:00:00",
"db": "BID",
"id": "90667"
},
{
"date": "2016-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"date": "2016-05-14T16:59:05.307000",
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#785823"
},
{
"date": "2016-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"date": "2016-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93144"
},
{
"date": "2016-05-13T00:00:00",
"db": "BID",
"id": "90667"
},
{
"date": "2016-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lantronix xPrintServer contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
}
],
"trust": 0.6
}
}
CVE-2014-9003 (GCVE-0-2014-9003)
Vulnerability from nvd – Published: 2014-11-20 11:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xprintserver-version-csrf(98645)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
},
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xprintserver-version-csrf(98645)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
},
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xprintserver-version-csrf(98645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
},
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"name": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9003",
"datePublished": "2014-11-20T11:00:00",
"dateReserved": "2014-11-19T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9002 (GCVE-0-2014-9002)
Vulnerability from nvd – Published: 2014-11-20 11:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://i.imgur.com/gjbZhXZ.png"
},
{
"name": "xprintserver-version-command-exec(98644)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://i.imgur.com/gjbZhXZ.png"
},
{
"name": "xprintserver-version-command-exec(98644)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"name": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
},
{
"name": "http://i.imgur.com/gjbZhXZ.png",
"refsource": "MISC",
"url": "http://i.imgur.com/gjbZhXZ.png"
},
{
"name": "xprintserver-version-command-exec(98644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9002",
"datePublished": "2014-11-20T11:00:00",
"dateReserved": "2014-11-19T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9003 (GCVE-0-2014-9003)
Vulnerability from cvelistv5 – Published: 2014-11-20 11:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xprintserver-version-csrf(98645)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
},
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xprintserver-version-csrf(98645)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
},
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xprintserver-version-csrf(98645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
},
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"name": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9003",
"datePublished": "2014-11-20T11:00:00",
"dateReserved": "2014-11-19T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9002 (GCVE-0-2014-9002)
Vulnerability from cvelistv5 – Published: 2014-11-20 11:00 – Updated: 2024-08-06 13:33
VLAI?
Summary
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://i.imgur.com/gjbZhXZ.png"
},
{
"name": "xprintserver-version-command-exec(98644)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://i.imgur.com/gjbZhXZ.png"
},
{
"name": "xprintserver-version-command-exec(98644)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"name": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
},
{
"name": "http://i.imgur.com/gjbZhXZ.png",
"refsource": "MISC",
"url": "http://i.imgur.com/gjbZhXZ.png"
},
{
"name": "xprintserver-version-command-exec(98644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9002",
"datePublished": "2014-11-20T11:00:00",
"dateReserved": "2014-11-19T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}