Lucene search
K

37 matches found

thn
thn
added 2026/06/24 5:19 p.m.17 views

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 26, 2026. The vulnerability in question...

9.8CVSS7.5AI score0.00889EPSS
Exploits1
vulncheck_kev
vulncheck_kev
added 2026/06/23 12:0 a.m.13 views

VulnCheck KEV: CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

9.8CVSS6.1AI score0.00889EPSS
In wildExploits1References3
cisa_kev
cisa_kev
added 2026/06/23 12:0 a.m.9 views

Lantronix EDS5000 Code Injection Vulnerability

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges...

9.8CVSS6.3AI score0.00889EPSS
In wildExploits1
redhatcve
redhatcve
added 2026/03/26 3:19 p.m.7 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

8.8CVSS5.9AI score0.00302EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:19 p.m.5 views

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:19 p.m.5 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

9.8CVSS6AI score0.00889EPSS
Exploits1References1
euvd
euvd
added 2026/03/11 6:30 p.m.5 views

EUVD-2025-208585

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...

5.8AI score0.00302EPSS
Exploits0References4
euvd
euvd
added 2026/03/11 6:30 p.m.5 views

EUVD-2025-208581

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

5.9AI score0.00329EPSS
Exploits0References4
nvd
nvd
added 2026/03/11 5:16 p.m.6 views

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

9.8CVSS0.00889EPSS
Exploits1References2
nvd
nvd
added 2026/03/11 5:16 p.m.4 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

8.8CVSS0.00302EPSS
Exploits0References1
nvd
nvd
added 2026/03/11 5:16 p.m.7 views

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

9.8CVSS0.00329EPSS
Exploits0References1
nvd
nvd
added 2026/03/11 5:16 p.m.2 views

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...

8.8CVSS0.00302EPSS
Exploits0References1
nvd
nvd
added 2026/03/11 5:16 p.m.3 views

CVE-2025-67034

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges...

8.8CVSS0.00372EPSS
Exploits0References1
cve
cve
added 2026/03/11 12:0 a.m.17 views

CVE-2025-67035

CVE-2025-67035 affects Lantronix EDS5000 (2.1.0.0R3). The SSH Client and SSH Server pages are vulnerable due to insufficient sanitization of input parameters, enabling an attacker to inject arbitrary commands in delete actions of objects like server keys, users, and known hosts. Commands are exec...

9.8CVSS5.9AI score0.00329EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/03/11 12:0 a.m.31 views

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

0.00329EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/11 12:0 a.m.4 views

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

5.9AI score0.00329EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/11 12:0 a.m.4 views

PT-2026-24722

Name of the Vulnerable Software and Affected Versions Lantronix EDS5000 version 2.1.0.0R3 Description An authenticated attacker can inject operating system commands into the name parameter when deleting SSL credentials through the management interface. Injected commands are executed with root...

8.8CVSS6.6AI score0.00372EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/03/11 12:0 a.m.2 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

5.9AI score0.00302EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/11 12:0 a.m.1 views

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

6AI score0.00329EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/11 12:0 a.m.9 views

Lantronix EDS5000 安全漏洞

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from the HTTP RPC module directly concatenating commands into the username parameter without proper...

9.8CVSS6.8AI score0.00889EPSS
Exploits1References3
Rows per page
Query Builder