9.8
Lantronix EDS5000: Unsanitized Input Allows Command Injection
CVE-2025-67035
Summary
The SSH Client and SSH Server pages of the Lantronix EDS5000 do not sanitize input parameters, which lets an attacker inject operating-system commands through the delete actions for objects such as server keys, users, and known hosts. The injected commands run with root privileges, so this can lead to unauthorized changes to the device's configuration and can allow an attacker to take control of the device. Update to the latest version to fix this issue.
Original title
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An...
Original description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.
Vulnerability type
CWE-94
Code Injection
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026