LantronixCVEs & Vulnerabilities

35 CVEs affecting Lantronix products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

premierwave 2050 25premierwave 2050 firmware 23xport edge firmware 9xport edge 3sgx firmware 2xprintserver 2securelinx 2mss 1
CVE-2021-21872KEVCRITICALin the wild

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

11 Apr 2026
9.9
CVSS
CVE-2021-21881KEVCRITICALin the wild

An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

11 Apr 2026
9.9
CVSS
CVE-2023-7237HIGH

Lantronix XPort sends weakly encoded credentials within web request headers.

24 Jan 2024
7.5
CVSS
CVE-2021-21896MEDIUM

A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
6.5
CVSS
CVE-2021-21895HIGH

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
7.2
CVSS
CVE-2021-21894CRITICAL

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21892CRITICAL

A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.9
CVSS
CVE-2021-21891CRITICAL

A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletefile). An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21890CRITICAL

A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletedir). An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21889CRITICAL

A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.9
CVSS
CVE-2021-21888CRITICAL

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21887CRITICAL

A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21886MEDIUM

A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
4.3
CVSS
CVE-2021-21885HIGH

A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
7.2
CVSS
CVE-2021-21884CRITICAL

An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21883CRITICAL

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.9
CVSS
CVE-2021-21882HIGH

An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
8.8
CVSS
CVE-2021-21880HIGH

A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
7.2
CVSS
CVE-2021-21879HIGH

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
8.8
CVSS
CVE-2021-21878MEDIUM

A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.

22 Dec 2021
4.9
CVSS
CVE-2021-21877CRITICAL

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21876CRITICAL

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21875CRITICAL

A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21874CRITICAL

A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2021-21873CRITICAL

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

22 Dec 2021
9.1
CVSS
CVE-2020-13528MEDIUM

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.

18 Dec 2020
5.3
CVSS
CVE-2020-13527MEDIUM

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

18 Dec 2020
4.5
CVSS
CVE-2018-10383MEDIUM

Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.

2 May 2019
6.1
CVSS
CVE-2018-12925CRITICAL

Baseon Lantronix MSS devices do not require a password for TELNET access.

28 Jun 2018
9.8
CVSS
CVE-2016-4325CRITICAL

Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.

14 May 2016
9.8
CVSS
CVE-2014-9003MEDIUM

Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action.

20 Nov 2014
6.8
CVSS
CVE-2014-9002CRITICAL

Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.

20 Nov 2014
10.0
CVSS
CVE-2008-7201HIGH

Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap.

10 Sep 2009
7.8
CVSS
CVE-2007-5981LOW

Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

15 Nov 2007
3.3
CVSS
CVE-2005-2189MEDIUM

Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.

11 Jul 2005
5.0
CVSS
← PrevPage 1 / 1Next →