Vulnerability Description
The Lantronix XPort's telnet service is not configured to require authentication by default. An unauthenticated user can remotely administer the device by hitting 'Enter' when prompted by the telnet service.
id: lantronix-xport-unauth

info:
  name: Lantronix XPort 6.10.0.1 - Unauthenticated Access
  author: John Osborn (Summit Security Group,LLC)
  severity: high
  description: |
    The Lantronix XPort's telnet service is not configured to require authentication by default. An unauthenticated user can remotely administer the device by hitting 'Enter' when prompted by the telnet service.
  reference:
    - https://www.lantronix.com/wp-content/uploads/pdf/XPort_UG.pdf
  metadata:
    verified: true
  tags: misconfig,tcp,default-login,network,vuln

tcp:
  - inputs:
      - data: "\r\n"
      - read: 2048

    host:
      - "{{Hostname}}"
    port: 9999

    matchers:
      - type: word
        words:
          - "Security"
          - "Expert"
          - "Channel"
          - "ARP cache"
        condition: and
# digest: 490a0046304402206a696b06dfed2d9e90a9ea5b217ecdf617f319a717d32fbc0a1501b55561ff8402205d46ee5c5ac9ea4b2b78559bd3aa0dec2c79e6ba4d26264c2bd92eb1584d032a:922c64590222798bb761d5b6d8e72950
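Added example (not part of the template or the original page): a Python re-implementation of the template's word matcher for auditing devices you administer, reporting which of the four words a response lacks so that a non-match can be triaged. The sample responses are constructed, and the function and constant names are this example's own.

```python
import socket

# Matcher words and port taken from the template above; the condition is AND.
REQUIRED_WORDS = ("Security", "Expert", "Channel", "ARP cache")
SETUP_PORT = 9999
READ_LIMIT = 2048


def missing_words(response: bytes) -> list:
    """Return the matcher words absent from a response (empty list = match)."""
    text = response.decode("latin-1")  # never fails on arbitrary bytes
    return [w for w in REQUIRED_WORDS if w not in text]  # case-sensitive


def setup_menu_exposed(response: bytes) -> bool:
    """True when every matcher word is present, i.e. the template would fire."""
    return not missing_words(response)


def read_setup_response(host: str, timeout: float = 5.0) -> bytes:
    """Send one CRLF, as the template does, and collect up to READ_LIMIT bytes."""
    chunks, total = [], 0
    with socket.create_connection((host, SETUP_PORT), timeout=timeout) as sock:
        sock.sendall(b"\r\n")
        try:
            while total < READ_LIMIT:
                chunk = sock.recv(READ_LIMIT - total)
                if not chunk:
                    break
                chunks.append(chunk)
                total += len(chunk)
        except socket.timeout:
            pass  # device stopped talking; judge what was received
    return b"".join(chunks)


# Constructed sample responses (not captured from a real device).
SAMPLE_OPEN = (b"*** basic parameters\r\nIP addr 192.0.2.10\r\n"
               b"*** Security\r\nSNMP is enabled\r\n"
               b"*** Channel 1\r\nBaudrate 9600\r\n"
               b"*** Expert\r\nARP cache timeout: 600s\r\n")
SAMPLE_PROMPT = b"Press Enter for Setup Mode\r\nPassword :"

if __name__ == "__main__":
    for name, data in (("open", SAMPLE_OPEN), ("prompt", SAMPLE_PROMPT)):
        print(name, setup_menu_exposed(data), missing_words(data))
```
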