Lantronix XPort 6.10.0.1 - Unauthenticated Access Scanner

Lantronix XPort is a compact, integrated device server module used for enabling serial devices with network connectivity. It is widely used in embedded systems, industrial control devices, and remote monitoring solutions. Manufacturers and developers integrate XPort into their products to allow remote access and control. The product offers a simple way to network-enable serial devices without extensive redesign. XPort is often deployed in environments where physical access to devices is limited, such as in industrial automation or IoT settings. Its ease of integration and compact design make it a popular solution in many OEM systems.

This scanner identifies an unauthenticated access vulnerability in the telnet service of the Lantronix XPort device. The telnet interface does not enforce user authentication by default, allowing attackers to gain administrative access by simply pressing 'Enter' when prompted. This misconfiguration exposes sensitive configuration settings to unauthorized users. The vulnerability exists due to insecure default settings, which can be easily overlooked during deployment. As a result, systems using the affected version are at risk of unauthorized configuration changes. The risk is particularly high in environments with exposed or poorly segmented networks.

The vulnerability resides in the telnet service of Lantronix XPort, which is active by default and does not prompt for authentication credentials. By sending a simple newline character (` `), an attacker can bypass the login process. The scanner connects to the device via TCP and evaluates the response for specific keywords such as "Security", "Expert", and "Channel" that indicate successful access. The lack of authentication enables an attacker to access administrative functions of the device. This can include modifying network settings, managing ARP cache, or performing diagnostics. The vulnerability is exploitable remotely, increasing its criticality.

If exploited, the vulnerability allows unauthorized users to fully administer the device. Malicious actors could alter device settings, redirect network traffic, or disable key functionalities. This could lead to network downtime, data exfiltration, or use of the device as a pivot point in further attacks. In industrial settings, compromised devices might cause safety risks or operational disruptions. Attackers could also use access to install persistent backdoors or disable logging. Overall, the lack of authentication represents a significant security threat in both IT and OT environments.