CVE-2025-67036

High CVSS: 8.8

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.

Vendor

Lantronix

Product

Eds5032 Firmware

CWE

CWE-94

Yayın Tarihi

2026-03-11 17:16:51

Güncelleme

2026-03-19 20:15:11

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Eds5032 Firmware HIGH Lantronix 2026

Referanslar

http://eds5000.com http://lantronix.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Benzer Kayıtlar

Critical

CVE-2025-70082

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive informatio…

Critical

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when…

Critical

CVE-2025-67039

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appe…

Critical

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browse…

Critical

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS…

High

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunne…