17 matches found
CVE-2025-70082
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
EUVD-2025-208589
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username...
EUVD-2025-208595
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...
CVE-2025-70082
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...
CVE-2025-67039
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username...
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
PT-2026-24725
🔴 CVE-2025-70082 - Critical An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx evo component https://t.co/N5z4YEHeeB https://t.co/GkGvM2OIgj...
CVE-2025-70082
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
CVE-2025-67041
CVE-2025-67041 affects Lantronix EDS3000PS (3.1.0.0R2). The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized, enabling an attacker to escape the original command and execute arbitrary commands with root privileges. The vulnerability is rated CVSS v3.1 bas...
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
CVE-2025-70082
CVE-2025-70082 affects Lantronix EDS3000PS Series (v3.1.0.0R2) via the ltrx_evo component, enabling arbitrary code execution and sensitive data access. The vulnerability is documented across multiple sources (NVD, Red Hat, EUVD/ENISA, CVE list) with a high severity (CVSS v3.1: CRITICAL, AV:N/AC:L...
CVE-2025-67039
CVE-2025-67039 affects Lantronix EDS3000PS (v3.1.0.0R2). Authentication on management pages can be bypassed by appending a URL suffix and by sending an Authorization header with username “admin,” enabling potential unauthorized access over the network. Related disclosures group this under BRIDGE:...
CVE-2025-67041
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
CVE-2025-67039
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username...
Lantronix EDS3000PS and EDS5000
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code with root-level privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...