CVE-2025-67041

Critical CVSS: 9.8

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Vendor

Lantronix

Product

Eds3016ps1ns Firmware

CWE

CWE-78

Yayın Tarihi

2026-03-11 17:16:52

Güncelleme

2026-03-19 20:09:32

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-78 Eds3016ps1ns Firmware CRITICAL Lantronix 2026

Referanslar

http://eds3000ps.com http://lantronix.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

Benzer Kayıtlar

Critical

CVE-2025-70082

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive informatio…

Critical

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when…

Critical

CVE-2025-67039

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appe…

Critical

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS…

High

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying th…

High

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunne…