Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Lantronix EDS5000: Authorized User Can Execute Root Commands
CVE-2025-67034
Summary
A user with a valid login can run system commands with full access, potentially taking control of the device. This could allow an attacker to make changes to the system or steal sensitive information. Update to the latest version of EDS5000 software to fix this issue.
Original title
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. In...
Original description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
Vulnerability type
CWE-94
Code Injection
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026