Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Lantronix EDS3000PS: Unauthorized Access to Management Pages
CVE-2025-67039
Summary
A security weakness in Lantronix's EDS3000PS version 3.1.0.0R2 allows an attacker to access management pages without a valid login. This could allow an unauthorized person to make changes to the device's settings or sensitive data. To protect your device, update to the latest software version.
Original title
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header tha...
Original description
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.
Vulnerability type
CWE-288
Authentication Bypass Using Alternate Path
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026