An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization.
This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 6
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Lantronix Eds5032_Firmware
cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*
|
— | — |
|
Lantronix Eds5032
cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*
|
— | — |
|
Lantronix Eds5008_Firmware
cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*
|
— | — |
|
Lantronix Eds5008
cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*
|
— | — |
|
Lantronix Eds5016_Firmware
cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*
|
— | — |
|
Lantronix Eds5016
cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*
|
— | — |