Description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
Published: 2026-03-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection with Root Privileges
Action: Patch
AI Analysis

Impact

An authenticated attacker can inject OS commands into the 'tunnel' parameter when terminating a tunnel on Lantronix EDS5000 devices running firmware 2.1.0.0 r3. This injection causes the commands to execute with root privileges, effectively granting the attacker full system control. The vulnerability is classified as Command Injection (CWE‑94). With a CVSS score of 8.8, the defect presents high severity, allowing remote code execution that can compromise confidentiality, integrity, and availability.

Affected Systems

Affected devices include the Lantronix EDS5008, EDS5016, and EDS5032 models. All are vulnerable when running firmware version 2.1.0.0 r3, the only firmware revision listed in the CPE entries. No other versions are documented as affected in the provided data.

Risk and Exploitability

The EPSS score is reported as less than 1%, suggesting a low likelihood of observed exploitation events, and the vulnerability is not listed in the CISA KEV catalog. However, the CVSS score is high, and although the flaw requires authenticated access to a management function, an attacker who gains credentials could immediately exploit the device. The attack vector is likely the device’s management interface or any API that allows a user to terminate a tunnel connection. Since no workaround or patch is referenced in the data, the primary risk remains until a vendor update becomes available.

Generated by OpenCVE AI on March 19, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Lantronix for a firmware update that addresses this vulnerability; apply the update as soon as it is available.
  • If no update is available, restrict network access to the device and enforce strong, least‑privilege authentication for management functions.
  • Consider disabling the tunnel kill functionality if it is not needed for your operation.
  • Monitor device logs for unexpected tunnel kill activity or suspicious command execution.


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Title Authenticated Command Injection in Lantronix EDS5000 Firmware 2.1.0.0 R3 via Tunnel Kill Parameter

Thu, 19 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Lantronix eds5008
Lantronix eds5008 Firmware
Lantronix eds5016
Lantronix eds5016 Firmware
Lantronix eds5032
Lantronix eds5032 Firmware
CPEs cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*
Vendors & Products Lantronix eds5008
Lantronix eds5008 Firmware
Lantronix eds5016
Lantronix eds5016 Firmware
Lantronix eds5032
Lantronix eds5032 Firmware

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Lantronix
Lantronix eds5000
Vendors & Products Lantronix
Lantronix eds5000

Wed, 11 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-12T14:41:47.973Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67037

Vulnrichment

Updated: 2026-03-12T14:41:40.316Z

NVD

Status: Analyzed

Published: 2026-03-11T17:16:51.900

Modified: 2026-03-19T20:13:48.597

Link: CVE-2025-67037

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:33:51Z
