An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HLantronix Eds5008
HWLantronixwszystkie wersjeLantronix Eds5008 Firmware
OSLantronix2.1.0.0r3Lantronix Eds5016
HWLantronixwszystkie wersjeLantronix Eds5016 Firmware
OSLantronix2.1.0.0r3Lantronix Eds5032
HWLantronixwszystkie wersjeLantronix Eds5032 Firmware
OSLantronix2.1.0.0r3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-67038CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Command injection w Lantronix EDS5000 – wykonanie poleceń jako root
CVE-2025-67035CRITICAL9.8PL ✓ten sam produkt
OS command injection w Lantronix EDS5000 — wykonanie kodu jako root
CVE-2025-67036HIGH8.8ten sam produkt
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by spe...
CVE-2025-67037HIGH8.8ten sam produkt
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into ...
CVE-2025-67039CRITICAL9.1PL ✓ten sam vendor
Pominięcie uwierzytelnienia w urządzeniach Lantronix EDS3000PS