Description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.
Published: 2026-03-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

An OS injection vulnerability exists in the SSH Client and SSH Server pages of Lantronix EDS5000 firmware 2.1.0.0R3 due to missing input sanitization. The flaw allows an attacker to inject arbitrary shell commands into delete actions for objects such as server keys, users, and known hosts. Because the commands are executed with root privileges, the impact is Remote Code Execution. The weakness corresponds to CWE-94, which describes the execution of injected code. Based on the description, it is inferred that the vulnerability can be exploited remotely via the web-based management interface or SSH client web pages, though the exact attack vector is not explicitly stated.

Affected Systems

Affected systems include Lantronix EDS5008, EDS5016, and EDS5032 devices running firmware version 2.1.0.0R3. The Common Platform Enumeration identifiers for these products and firmware versions are:

  • cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*
  • cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*
  • cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*
  • cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*
  • cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*
  • cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*

Risk and Exploitability

The CVSS v3.1 score of 9.8 indicates a critical severity, meaning the vulnerability can have a severe impact on confidentiality, integrity, and availability. The EPSS score of less than 1% suggests a low likelihood of widespread exploitation at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, but the high CVSS still warrants proactive action. Without a publicly disclosed exploit, the attack may require an authenticated or at least network-visible presence on the device, but any valid input to the affected delete endpoints can be used to execute malicious root commands.

Generated by OpenCVE AI on March 19, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor-issued firmware upgrade that addresses the input sanitization issue.
  • If a patch is not yet available, disable or restrict access to the SSH Client and SSH Server web pages from untrusted networks.
  • Configure firewall rules or VLAN segmentation to limit management-interface traffic to trusted IP ranges.
  • Enable logging for delete operations and monitor for anomalous activity indicative of injected command execution.


Tracking


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type | Values Removed | Values Added
Title | | OS Injection Vulnerabilities in Lantronix EDS5000 SSH Client and Server Pages Allow Remote Command Execution with Root Privileges

Thu, 19 Mar 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Lantronix eds5008
 | | Lantronix eds5008 Firmware
 | | Lantronix eds5016
 | | Lantronix eds5016 Firmware
 | | Lantronix eds5032
 | | Lantronix eds5032 Firmware
CPEs | | cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*
 | | cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*
 | | cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*
 | | cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*
 | | cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*
 | | cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*
Vendors & Products | | Lantronix eds5008
 | | Lantronix eds5008 Firmware
 | | Lantronix eds5016
 | | Lantronix eds5016 Firmware
 | | Lantronix eds5032
 | | Lantronix eds5032 Firmware

Fri, 13 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-94
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Lantronix
 | | Lantronix eds5000
Vendors & Products | | Lantronix
 | | Lantronix eds5000

Wed, 11 Mar 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-12T14:34:11.984Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67035

Vulnrichment

Updated: 2026-03-12T14:33:34.617Z

NVD

Status: Analyzed

Published: 2026-03-11T17:16:51.673

Modified: 2026-03-19T20:17:56.473

Link: CVE-2025-67035

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:33:52Z

Weaknesses