An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HLantronix Eds5008
HWLantronixwszystkie wersjeLantronix Eds5008 Firmware
OSLantronix2.1.0.0Lantronix Eds5016
HWLantronixwszystkie wersjeLantronix Eds5016 Firmware
OSLantronix2.1.0.0Lantronix Eds5032
HWLantronixwszystkie wersjeLantronix Eds5032 Firmware
OSLantronix2.1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-67038CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Command injection w Lantronix EDS5000 – wykonanie poleceń jako root
CVE-2025-67035CRITICAL9.8PL ✓ten sam produkt
OS command injection w Lantronix EDS5000 — wykonanie kodu jako root
CVE-2025-67034HIGH8.8ten sam produkt
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into ...
CVE-2025-67036HIGH8.8ten sam produkt
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by spe...
CVE-2025-67039CRITICAL9.1PL ✓ten sam vendor
Pominięcie uwierzytelnienia w urządzeniach Lantronix EDS3000PS