Lantronix’s XPort device is affected by a critical vulnerability that can be used for takeover and disruption, including in the energy sector.
April 21, 2025 By Eduard Kovacs
A vulnerability discovered in a Lantronix device that is used worldwide in various critical infrastructure sectors can expose systems to remote hacking.
An advisory published by the cybersecurity agency CISA last week revealed that a critical missing authentication vulnerability has been found in Lantronix XPort, a product that enables remote connectivity and control for devices. The security hole enables an attacker to gain unauthorized access to the device’s configuration interface.
The XPort product is deployed around the world in sectors such as critical manufacturing, transportation systems, water, and energy, according to CISA. The vendor’s website shows that the product is used, among others, for traffic lights, industrial product manufacturing, and surveillance systems.