A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them.

The leaky devices are various Serial-to-Ethernet “device servers” manufactured by Lantronix, a California-based hardware vendor.

Companies buy these “device servers” and use them as a way to connect to remote equipment that only comes with serial interfaces.

Products such as Lantronix UDS or xDirect allow companies to plug an RS-XXX serial connector in one end, and an RJ-45 Ethernet connector in the other, and then manage the device via a LAN or WAN connection.

Lantronix device servers modus operandi

According to one product’s description, “the UDS1100-IAP is a rugged and powerful tool which enables users to connect, manage and control just about any piece of industrial equipment from virtually anywhere over Ethernet or the Internet,” while another product’s description claims it provides “quick and easy Ethernet connectivity to virtually any device or machine with a serial interface.”

The “device servers” are very popular in the ICS (Industrial Control Systems) sector, where companies use them to control old equipment that features only serial ports.

Half of Lantronix device servers are leaking passwords

Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security, discovered yesterday that almost a half of Lantronix device servers reachable online are leaking their Telnet passwords.

“6,464 Lantronix device servers that may be connected to critical ICS-grade equipment are proudly exposing their…

Continue ….

[SOURCE]