Lucene search
K

4 matches found

NVD
NVD
added 2026/03/11 5:16 p.m.3 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

8.8CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 12:0 a.m.29 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

0.0032EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Lantronix EDS5000 安全漏洞

The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 2.1.0.0R3 version contains a security vulnerability. This vulnerability stems from improper handling of the parameter for the Log Info page file name. It could allow authenticat...

8.8CVSS6.8AI score0.0032EPSS
Exploits0References3
CVE
CVE
added 2026/03/11 12:0 a.m.14 views

CVE-2025-67036

CVE-2025-67036 affects Lantronix EDS5000 series (notably 2.1.0.0R3) where the Log Info page allows log file viewing by name. A missing sanitization in the file name parameter enables an authenticated attacker to inject arbitrary OS commands, executed with root privileges, leading to a high-severi...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder