EUVD-2025-208587
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the...
Lantronix EDS5000 Security Vulnerability
The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from improper handling of the parameter for the Log Info page file name. It could allow authenticat...
CVE-2025-4338 Lantronix Device Installer Improper Restriction of XML External Entity Reference
Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device...
PT-2025-22568 · Lantronix · Lantronix Device Installer
Name of the Vulnerable Software and Affected Versions: Lantronix Device installer, affected versions not specified. Description: The issue concerns XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices...
Lantronix Device installer Code Issue Vulnerability
Lantronix Device installer is a device installer from Lantronix USA. A code issue vulnerability exists in Lantronix Device installer version 4.4.0.7 and prior versions, which stems from an XML external entity attack in a configuration file that could lead to credential disclosure and configuratio...