CVE-2025-67035

Critical CVSS: 9.8

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.

Vendor

Lantronix

Product

Eds5032 Firmware

CWE

CWE-94

Yayın Tarihi

2026-03-11 17:16:51

Güncelleme

2026-03-19 20:17:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Eds5032 Firmware CRITICAL Lantronix 2026

Referanslar

http://eds5000.com http://lantronix.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Benzer Kayıtlar

Critical

CVE-2025-70082

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive informatio…

Critical

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when…

Critical

CVE-2025-67039

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appe…

Critical

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browse…

High

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying th…

High

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunne…