Sign-up

ID

VAR-201605-0496


CVE

CVE-2016-4325


TITLE

Lantronix xPrintServer contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#785823

DESCRIPTION

Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Supplementary information : CWE Vulnerability types by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party, root You may get access. LantronixxPrintServer is a print server from Lantronix. A remote attacker can exploit this vulnerability to gain root privileges. Lantronix xPrintServer is prone to multiple security vulnerabilities. Other attacks are also possible. Lantronix xPrintServer running firmware versions prior to 5.0.1-65 are vulnerable

Trust: 3.24

sources: NVD: CVE-2016-4325 // CERT/CC: VU#785823 // JVNDB: JVNDB-2016-002779 // CNVD: CNVD-2016-03255 // BID: 90667 // VULHUB: VHN-93144

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03255

AFFECTED PRODUCTS

vendor:lantronixmodel:xprintserverscope:ltversion:5.0.1-65

Trust: 1.4

vendor:lantronixmodel:xprintserverscope:lteversion:3.3.0

Trust: 1.0

vendor:lantronixmodel: - scope: - version: -

Trust: 0.8

vendor:lantronixmodel:xprintserverscope:eqversion:3.3.0

Trust: 0.6

sources: CERT/CC: VU#785823 // CNVD: CNVD-2016-03255 // JVNDB: JVNDB-2016-002779 // CNNVD: CNNVD-201605-391 // NVD: CVE-2016-4325

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4325
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-4325
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-03255
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-391
value: CRITICAL

Trust: 0.6

VULHUB: VHN-93144
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4325
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03255
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-93144
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4325
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-03255 // VULHUB: VHN-93144 // JVNDB: JVNDB-2016-002779 // CNNVD: CNNVD-201605-391 // NVD: CVE-2016-4325

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-93144 // JVNDB: JVNDB-2016-002779 // NVD: CVE-2016-4325

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-391

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201605-391

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002779

PATCH
title:xPrintServerurl:http://www.lantronix.com/it-management/xprintserver/xprintserver.html
Trust: 0.8
title:LantronixxPrintServer Permission to Obtain Vulnerability Patchesurl:https://www.cnvd.org.cn/patchInfo/show/76050
Trust: 0.6
title:Lantronix xPrintServer Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61707
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03255 // 
            
            
            
            JVNDB: JVNDB-2016-002779 // 
            
            
            
            CNNVD: CNNVD-201605-391

EXTERNAL IDS
db:NVDid:CVE-2016-4325
Trust: 4.2
db:CERT/CCid:VU#785823
Trust: 3.9
db:JVNid:JVNVU93382988
Trust: 0.8
db:JVNDBid:JVNDB-2016-002779
Trust: 0.8
db:CNNVDid:CNNVD-201605-391
Trust: 0.7
db:CNVDid:CNVD-2016-03255
Trust: 0.6
db:BIDid:90667
Trust: 0.4
db:VULHUBid:VHN-93144
Trust: 0.1
sources:
            
            
            CERT/CC: VU#785823 // 
            
            
            
            CNVD: CNVD-2016-03255 // 
            
            
            
            VULHUB: VHN-93144 // 
            
            
            
            BID: 90667 // 
            
            
            
            JVNDB: JVNDB-2016-002779 // 
            
            
            
            CNNVD: CNNVD-201605-391 // 
            
            
            
            NVD: CVE-2016-4325

REFERENCES
url:http://www.kb.cert.org/vuls/id/785823
Trust: 3.1
url:http://seclists.org/fulldisclosure/2014/nov/24
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9002
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9003
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4325
Trust: 0.8
url:http://jvn.jp/vu/jvnvu93382988/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4325
Trust: 0.8
sources:
            
            
            CERT/CC: VU#785823 // 
            
            
            
            CNVD: CNVD-2016-03255 // 
            
            
            
            VULHUB: VHN-93144 // 
            
            
            
            JVNDB: JVNDB-2016-002779 // 
            
            
            
            CNNVD: CNNVD-201605-391 // 
            
            
            
            NVD: CVE-2016-4325

CREDITS
anonymous
Trust: 0.3
sources:
            
            
            BID: 90667

SOURCES
db:CERT/CCid:VU#785823
db:CNVDid:CNVD-2016-03255
db:VULHUBid:VHN-93144
db:BIDid:90667
db:JVNDBid:JVNDB-2016-002779
db:CNNVDid:CNNVD-201605-391
db:NVDid:CVE-2016-4325

LAST UPDATE DATE
2025-04-12T22:58:05.100000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#785823date:2016-05-13T00:00:00
db:CNVDid:CNVD-2016-03255date:2016-05-18T00:00:00
db:VULHUBid:VHN-93144date:2016-05-19T00:00:00
db:BIDid:90667date:2016-05-13T00:00:00
db:JVNDBid:JVNDB-2016-002779date:2016-05-23T00:00:00
db:CNNVDid:CNNVD-201605-391date:2016-05-16T00:00:00
db:NVDid:CVE-2016-4325date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#785823date:2016-05-13T00:00:00
db:CNVDid:CNVD-2016-03255date:2016-05-18T00:00:00
db:VULHUBid:VHN-93144date:2016-05-14T00:00:00
db:BIDid:90667date:2016-05-13T00:00:00
db:JVNDBid:JVNDB-2016-002779date:2016-05-23T00:00:00
db:CNNVDid:CNNVD-201605-391date:2016-05-16T00:00:00
db:NVDid:CVE-2016-4325date:2016-05-14T16:59:05.307