8.8

Lantronix EDS5000: Unauthorized OS Command Execution via Log File Name

CVE-2025-67036
Summary

An authenticated attacker can execute arbitrary OS commands with root privileges by manipulating the log file name parameter on the Log Info page of the Lantronix EDS5000, version 2.1.0.0R3. Because the injected commands run as root, the attacker can potentially access or modify sensitive system data. Update to the latest version of the software to fix this vulnerability.

Original description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.
Vulnerability type
CWE-94 Code Injection
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026