Lantronix EDS3000PS v.3.1.0.0R2 allows arbitrary code execution and data theft

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Lantronix EDS3000PS v.3.1.0.0R2 allows arbitrary code execution and data theft

CVE-2025-70082

Summary

The Lantronix EDS3000PS version 3.1.0.0R2 firmware has a security weakness that allows an unauthorized person to run malicious code and steal sensitive data. This can happen if an attacker connects to the device's management interface. To protect your device, update to the latest firmware version as soon as possible.

Original title

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component

Original description

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component

Vulnerability type

CWE-78 OS Command Injection

CWE-288 Authentication Bypass Using Alternate Path

CWE-620

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026