9.8
Lantronix EDS3000PS: Unrestricted File Access via TFTP Client
CVE-2025-67041
Summary
A security issue in the TFTP client of Lantronix EDS3000PS 3.1.0.0R2 allows an attacker to access and modify files on the device, potentially leading to unauthorized changes or data theft. Exploitation requires a specific exploit, but it is essential to update the software to the latest version to prevent it. We recommend checking with the manufacturer for the latest software updates and following their recommended upgrade procedures.
Original title
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the or...
Original description
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.
Vulnerability type
CWE-78: OS Command Injection
CWE-288: Authentication Bypass Using Alternate Path
CWE-620
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026