Skip to main content
5 CVEs CRITICAL CVSS 9.8

Lantronix EDS5000 Command Injection Flaws

2026-03-11

SSH
Command Injection
TLS
CVE-2025-67035 CRITICAL

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

9.8
CVSS
0.0%
EPSS
CVE-2025-67038 CRITICAL

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

9.8
CVSS
0.0%
EPSS
CVE-2025-67034 HIGH

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. [CVSS 8.8 HIGH]

8.8
CVSS
0.0%
EPSS
CVE-2025-67036 HIGH

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. [CVSS 8.8 HIGH]

8.8
CVSS
0.0%
EPSS
CVE-2025-67037 HIGH

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. [CVSS 8.8 HIGH]

8.8
CVSS
0.0%
EPSS

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy