CVE-2014-9002 Information

Description

Lantronix xPrintServer does not properly restrict access to ips/ which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.

Reference

http://i.imgur.com/gjbZhXZ.png http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html http://seclists.org/fulldisclosure/2014/Nov/24 https://exchange.xforce.ibmcloud.com/vulnerabilities/98644