CVE-2025-67038

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-67038
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://eds5000.com Not Applicable
http://lantronix.com Product
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*
History

19 Mar 2026, 20:12

Type Values Removed Values Added
First Time Lantronix eds5016 Firmware
Lantronix eds5008 Firmware
Lantronix eds5032 Firmware
Lantronix eds5016
Lantronix eds5008
Lantronix eds5032
Lantronix
CPE cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*
References () http://eds5000.com - () http://eds5000.com - Not Applicable
References () http://lantronix.com - () http://lantronix.com - Product
References () https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02 - () https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02 - Third Party Advisory, VDB Entry
Summary
  • (es) Se descubrió un problema en Lantronix EDS5000 2.1.0.0R3. El módulo HTTP RPC ejecuta un comando de shell para escribir registros cuando la autenticación del usuario falla. El nombre de usuario se concatena directamente con el comando sin ninguna sanitización. Esto permite a los atacantes inyectar comandos arbitrarios del sistema operativo en el parámetro de nombre de usuario. Los comandos inyectados se ejecutan con privilegios de root.

12 Mar 2026, 17:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-94

11 Mar 2026, 17:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-11 17:16

Updated : 2026-03-19 20:12

NVD link : CVE-2025-67038

Mitre link : CVE-2025-67038

CVE.ORG link : CVE-2025-67038

JSON object : View

Products Affected

lantronix

  • eds5016_firmware
  • eds5016
  • eds5032
  • eds5008
  • eds5032_firmware
  • eds5008_firmware
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')