4 matches found
CVE-2025-67036
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...
CVE-2025-67036
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...
Lantronix EDS5000 安全漏洞
The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from improper handling of the parameter for the Log Info page file name. It could allow authenticat...
CVE-2025-67036
CVE-2025-67036 affects Lantronix EDS5000 series (notably 2.1.0.0R3) where the Log Info page allows log file viewing by name. A missing sanitization in the file name parameter enables an authenticated attacker to inject arbitrary OS commands, executed with root privileges, leading to a high-severi...