Lucene search
K

6 matches found

EUVD
EUVD
added 2026/03/11 6:30 p.m.3 views

EUVD-2025-208587

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the...

5.9AI score0.01131EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Lantronix EDS5000 安全漏洞

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from improper handling of the parameter for the Log Info page file name. It could allow authenticat...

8.8CVSS6.8AI score0.00384EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/22 11:0 p.m.12 views

CVE-2025-4338 Lantronix Device Installer Improper Restriction of XML External Entity Reference

Lantronix Device installer is vulnerable to XML external entity XXE attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device...

6.9CVSS0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/22 11:0 p.m.10 views

CVE-2025-4338 Lantronix Device Installer Improper Restriction of XML External Entity Reference

Lantronix Device installer is vulnerable to XML external entity XXE attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device...

6.9CVSS6.8AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/22 12:0 a.m.7 views

PT-2025-22568 · Lantronix · Lantronix Device Installer

Name of the Vulnerable Software and Affected Versions: Lantronix Device installer affected versions not specified Description: The issue concerns XML external entity XXE attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices...

6.9CVSS6.4AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.4 views

Lantronix Device installer 代码问题漏洞

Lantronix Device installer is a device installer from Lantronix USA. A code issue vulnerability exists in Lantronix Device installer version 4.4.0.7 and prior versions, which stems from an XML external entity attack in a configuration file that could lead to credential disclosure and configuratio...

6.9CVSS6.7AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder