Description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
Published: 2026-03-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability occurs in the HTTP RPC module of Lantronix EDS5000 versions 2.1.0.0 R3 where an authentication failure log command is constructed by directly concatenating the supplied username into a shell command. This lack of input sanitization allows an attacker to inject and execute arbitrary OS commands. Because the command is run with root privileges, the impact is full system compromise with potentially unlimited control over the device and connected network. Key weakness: CWE‑94 – Improper Control of Generation of Code via User-Supplied Input.

Affected Systems

Affected products are Lantronix EDS5000 series devices, specifically models EDS5008, EDS5016 and EDS5032 running firmware version 2.1.0.0 R3. CPE identifiers include cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3, cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3, and cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity with an attack vector over the network. Although the EPSS score is below 1%, meaning current exploitation likelihood is low, the lack of a public exploit and KEV listing does not diminish the risk if a malicious actor targets these widely deployed industrial controllers. A remote attacker can craft a username containing shell commands, trigger an authentication failure, and have those commands executed as root via the HTTP RPC interface. Due to the root execution context, any command such as creating backdoors, exfiltrating data, or interrupting services can be performed.

Generated by OpenCVE AI on March 19, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the firmware of Lantronix EDS5000 series devices to the latest release that removes the vulnerable RPC logging code.
  • If an upgrade is not immediately possible, restrict network access to the HTTP RPC interface or place the device behind a firewall that blocks unauthorized traffic.
  • Consider disabling the HTTP RPC service entirely if it is not required for legitimate operations.
  • Enable logging and monitoring to detect any suspicious command execution attempts.
  • Change default credentials and enforce strong authentication policies to reduce the likelihood of exploitation attempts.

Generated by OpenCVE AI on March 19, 2026 at 21:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Title Root Privilege OS Command Injection via Unvalidated Username in Lantronix EDS5000 Logging

Thu, 19 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Lantronix eds5008
Lantronix eds5008 Firmware
Lantronix eds5016
Lantronix eds5016 Firmware
Lantronix eds5032
Lantronix eds5032 Firmware
CPEs cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*
Vendors & Products Lantronix eds5008
Lantronix eds5008 Firmware
Lantronix eds5016
Lantronix eds5016 Firmware
Lantronix eds5032
Lantronix eds5032 Firmware

Thu, 12 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Lantronix
Lantronix eds5000
Vendors & Products Lantronix
Lantronix eds5000

Wed, 11 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.
References

Subscriptions

Lantronix Eds5000 Eds5008 Eds5008 Firmware Eds5016 Eds5016 Firmware Eds5032 Eds5032 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-12T16:06:41.785Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67038

cve-icon Vulnrichment

Updated: 2026-03-12T16:05:43.751Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T17:16:52.010

Modified: 2026-03-19T20:12:13.740

Link: CVE-2025-67038

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:33:50Z

Weaknesses