Hi,
The Lantronix xPrintServer is a small Linux powered print server for iOS. Main configuration happens through a web interface.
The problem is that the configuration happens through some ‘RPC’ interface; the web interfaces uses AJAX requests to talk to a CGI script that simply executes shell commands given to it. Take a look at the following screenshot:
http://i.imgur.com/gjbZhXZ.png
So.. that’s not really so secure. Launching a request to http://myip/ips?OP=rpc&c=
To make matters worse:
- The CGI script is accessible without needing to use credentials
- The devices uses bonjour that by defaults registers itself as xprintserver.local in the local network
- The device has no CSRF protection
Example code that allows any website to fetch the Linux version.
<script src="http://xprintserver.
This vulnerability is not reported to the vendor yet (because I need to register talk to their support).
Greetings,
Jim Bauwens
The Lantronix xPrintServer is a small Linux powered print server for iOS. Main configuration happens through a web interface.
The problem is that the configuration happens through some ‘RPC’ interface; the web interfaces uses AJAX requests to talk to a CGI script that simply executes shell commands given to it. Take a look at the following screenshot:
http://i.imgur.com/gjbZhXZ.png
So.. that’s not really so secure. Launching a request to http://myip/ips?OP=rpc&c=
To make matters worse:
- The CGI script is accessible without needing to use credentials
- The devices uses bonjour that by defaults registers itself as xprintserver.local in the local network
- The device has no CSRF protection
Example code that allows any website to fetch the Linux version.
<script src="http://xprintserver.
This vulnerability is not reported to the vendor yet (because I need to register talk to their support).
Greetings,
Jim Bauwens