Description
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.
Published: 2026-03-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

An improper sanitization of the host parameter in the TFTP client on Lantronix EDS3000PS firmware 3.1.0.0 R2 allows an attacker to inject and execute arbitrary commands with root privileges, constituting a remote code execution vulnerability. The weakness is identified as CWE-288, CWE-620, and CWE-78. The potential impact is that a compromised device could deliver any payload to the host system, jeopardizing the confidentiality, integrity, and availability of the entire connected network.

Affected Systems

Affected systems include Lantronix EDS3008PS1NS and EDS3016PS1NS devices running firmware version 3.1.0.0 R2. No other models or firmware are listed as impacted.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. The EPSS score of less than 1% suggests exploitable code is not widely observed today, and the vulnerability is not present in the CISA KEV catalog. It is likely exploitable remotely via the web interface’s TFTP client; an attacker with network access to the device’s web interface can supply a crafted host parameter to trigger the exploit. Because the vulnerability grants root privileges without additional prerequisites, the risk for an attacker with web access is high.

Generated by OpenCVE AI on March 19, 2026 at 21:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update that addresses the TFTP host parameter sanitization flaw; if no patch is available, obtain an updated firmware from Lantronix.
  • If immediate firmware update is not possible, disable the TFTP client feature within the Filesystem Browser page or restrict its use to trusted IP addresses.
  • Limit access to the web interface by implementing network segmentation or firewall rules to allow only trusted management hosts.
  • Monitor device logs for anomalous command execution attempts and review any suspicious activity promptly.

Generated by OpenCVE AI on March 19, 2026 at 21:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Title Lantronix EDS3000PS TFTP Command Injection Exploit

Thu, 19 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Lantronix eds3008ps1ns
Lantronix eds3008ps1ns Firmware
Lantronix eds3016ps1ns
Lantronix eds3016ps1ns Firmware
CPEs cpe:2.3:h:lantronix:eds3008ps1ns:-:*:*:*:*:*:*:*
cpe:2.3:h:lantronix:eds3016ps1ns:-:*:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds3008ps1ns_firmware:3.1.0.0:r2:*:*:*:*:*:*
cpe:2.3:o:lantronix:eds3016ps1ns_firmware:3.1.0.0:r2:*:*:*:*:*:*
Vendors & Products Lantronix eds3008ps1ns
Lantronix eds3008ps1ns Firmware
Lantronix eds3016ps1ns
Lantronix eds3016ps1ns Firmware

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Lantronix
Lantronix eds3000ps
Vendors & Products Lantronix
Lantronix eds3000ps

Wed, 11 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-288
CWE-620
CWE-78
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.
References

Subscriptions

Lantronix Eds3000ps Eds3008ps1ns Eds3008ps1ns Firmware Eds3016ps1ns Eds3016ps1ns Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-11T19:22:40.528Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67041

cve-icon Vulnrichment

Updated: 2026-03-11T19:14:46.412Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T17:16:52.243

Modified: 2026-03-19T20:09:32.663

Link: CVE-2025-67041

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:33:48Z

Weaknesses