CVE-2025-67039

Critical CVSS: 9.1

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.

Vendor

Lantronix

Product

Eds3016ps1ns Firmware

CWE

CWE-288

Yayın Tarihi

2026-03-11 17:16:52

Güncelleme

2026-03-19 20:11:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-288 Eds3016ps1ns Firmware CRITICAL Lantronix 2026

Referanslar

http://eds3000ps.com http://lantronix.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Benzer Kayıtlar

Critical

CVE-2025-70082

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive informatio…

Critical

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when…

Critical

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browse…

Critical

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS…

High

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying th…

High

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunne…