CRITICAL🇵🇱 Wersja polska

CVE-2025-67041

CVSS 9.8v3.1pub. 2026-03-11upd. 2026-07-05

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

🤖 AI Analysis
How it works

The vulnerability results from improper sanitization of the TFTP client host parameter available on the Filesystem Browser page in the device management interface. An attacker can provide a crafted parameter value that allows escaping from the originally intended command and injection of their own arbitrary system command. The injected command is executed with root privileges, giving full control over the device. The flaw is compounded by missing authentication mechanism (CWE-288) and improper verification of authentication credentials (CWE-620).

Impact

An attacker without any privileges can remotely execute arbitrary system commands with root level access over the network, which means complete takeover of the device, ability to read and modify configuration, and potential use of the device as an entry point to the further network.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict access to the device management interface only to trusted hosts or management networks and, until the patch is installed, to disable or restrict access to the Filesystem Browser functionality. Detailed recommendations are available in the ICS-CERT message: ICSA-26-069-02.

Who is affected

Lantronix EDS3016PS1NS Firmware, Lantronix EDS3008PS1NS Firmware and corresponding hardware devices; vulnerability confirmed in firmware version 3.1.0.0R2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lantronix Eds3008ps1ns

    HW
    Lantronix
    wszystkie wersje
  • Lantronix Eds3008ps1ns Firmware

    OS
    Lantronix
    3.1.0.0r2
  • Lantronix Eds3016ps1ns

    HW
    Lantronix
    wszystkie wersje
  • Lantronix Eds3016ps1ns Firmware

    OS
    Lantronix
    3.1.0.0r2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2025-67039CRITICAL9.1PL ✓ten sam produkt

Pominięcie uwierzytelnienia w urządzeniach Lantronix EDS3000PS

CVE-2025-70082CRITICAL9.8PL ✓ten sam produkt

RCE i ujawnienie danych w Lantronix EDS3000PS via ltrx_evo

CVE-2025-67038CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Command injection w Lantronix EDS5000 – wykonanie poleceń jako root

CVE-2025-67035CRITICAL9.8PL ✓ten sam vendor

OS command injection w Lantronix EDS5000 — wykonanie kodu jako root

CVE-2021-21872CRITICAL9.9ten sam vendor

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantr...