Lantronix Serial-to-Ethernet Device Servers Leak Telnet Passwords

A NewSky Security researcher discovered that nearly half of all Lantronix Serial-to-Ethernet device servers exposed to the internet contain a long-standing vulnerability that results in exposure of their Telnet passwords. On devices that have not been updated to the latest firmware version, this vulnerability could allow a remote attacker to retrieve the device’s setup configuration and Telnet password in plaintext by sending a malformed packet to port 30718. As Lantronix markets these devices specifically to “remotely monitor, manage, and control industrial equipment over the net,” many of them are likely connected to industrial control systems and create a high risk of network intrusion for organizations within critical infrastructure sectors. The NJCCIC recommends all users and administrators of the affected Lantronix devices review Bleeping Computer’s article, visit the Lantronix website for the appropriate firmware updates, and apply them as soon as possible.
