PT-2025-52603 · Lantronix · Eds5008 Firmware+2
Published
2025-12-19
·
Updated
2026-03-15
·
CVE-2025-67036
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lantronix EDS5000 version 2.1.0.0R3
Description
A flaw exists in the Lantronix EDS5000 software where the Log Info page allows users to view log files by specifying file names. A missing sanitization check on the file name parameter enables an authenticated attacker to inject arbitrary operating system commands. These commands are executed with root privileges. The vulnerable parameter is the file name provided to the Log Info page.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eds5008 Firmware
Eds5016 Firmware
Eds5032 Firmware