VAR-201605-0496
Vulnerability from variot - Updated: 2025-04-12 22:58Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Supplementary information : CWE Vulnerability types by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party, root You may get access. LantronixxPrintServer is a print server from Lantronix. A remote attacker can exploit this vulnerability to gain root privileges. Lantronix xPrintServer is prone to multiple security vulnerabilities. Other attacks are also possible. Lantronix xPrintServer running firmware versions prior to 5.0.1-65 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0496",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xprintserver",
"scope": "lt",
"trust": 1.4,
"vendor": "lantronix",
"version": "5.0.1-65"
},
{
"model": "xprintserver",
"scope": "lte",
"trust": 1.0,
"vendor": "lantronix",
"version": "3.3.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lantronix",
"version": null
},
{
"model": "xprintserver",
"scope": "eq",
"trust": 0.6,
"vendor": "lantronix",
"version": "3.3.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lantronix:xprintserver",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "anonymous",
"sources": [
{
"db": "BID",
"id": "90667"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4325",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-4325",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2016-03255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-93144",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4325",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4325",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-4325",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-03255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-391",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93144",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Supplementary information : CWE Vulnerability types by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party, root You may get access. LantronixxPrintServer is a print server from Lantronix. A remote attacker can exploit this vulnerability to gain root privileges. Lantronix xPrintServer is prone to multiple security vulnerabilities. Other attacks are also possible. \nLantronix xPrintServer running firmware versions prior to 5.0.1-65 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4325"
},
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "BID",
"id": "90667"
},
{
"db": "VULHUB",
"id": "VHN-93144"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4325",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#785823",
"trust": 3.9
},
{
"db": "JVN",
"id": "JVNVU93382988",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-03255",
"trust": 0.6
},
{
"db": "BID",
"id": "90667",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-93144",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "BID",
"id": "90667"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"id": "VAR-201605-0496",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
}
]
},
"last_update_date": "2025-04-12T22:58:05.100000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "xPrintServer",
"trust": 0.8,
"url": "http://www.lantronix.com/it-management/xprintserver/xprintserver.html"
},
{
"title": "LantronixxPrintServer Permission to Obtain Vulnerability Patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/76050"
},
{
"title": "Lantronix xPrintServer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61707"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/785823"
},
{
"trust": 0.8,
"url": "http://seclists.org/fulldisclosure/2014/nov/24"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9002"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9003"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4325"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93382988/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4325"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#785823"
},
{
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"db": "VULHUB",
"id": "VHN-93144"
},
{
"db": "BID",
"id": "90667"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#785823"
},
{
"date": "2016-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"date": "2016-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-93144"
},
{
"date": "2016-05-13T00:00:00",
"db": "BID",
"id": "90667"
},
{
"date": "2016-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"date": "2016-05-14T16:59:05.307000",
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#785823"
},
{
"date": "2016-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03255"
},
{
"date": "2016-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93144"
},
{
"date": "2016-05-13T00:00:00",
"db": "BID",
"id": "90667"
},
{
"date": "2016-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002779"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-391"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-4325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lantronix xPrintServer contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#785823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-391"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…