GCVE - cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*

part: o version: 2.1.0.0 update: r3

Vendor	Lantronix (`202287bc-8c55-5db8-b040-60b41e51fe84`)
Product	Eds5016 Firmware (`55a09854-0fd9-5aa6-8fa4-ad7962c3abd7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-67038`	vulnerable	2026-06-03 15:11:01.338978	Details available An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges. Published: 2026-03-11T00:00:00.000Z Updated: 2026-03-12T16:06:41.785Z Open on db.gcve.eu Reference links http://lantronix.com http://eds5000.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67037`	vulnerable	2026-06-03 15:11:01.335575	Details available An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges. Published: 2026-03-11T00:00:00.000Z Updated: 2026-03-12T14:41:47.973Z Open on db.gcve.eu Reference links http://lantronix.com http://eds5000.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67036`	vulnerable	2026-06-03 15:11:01.334654	Details available An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges. Published: 2026-03-11T00:00:00.000Z Updated: 2026-03-12T14:38:53.579Z Open on db.gcve.eu Reference links http://lantronix.com http://eds5000.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67035`	vulnerable	2026-06-03 15:11:01.333848	Details available An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges. Published: 2026-03-11T00:00:00.000Z Updated: 2026-03-12T14:34:11.984Z Open on db.gcve.eu Reference links http://lantronix.com http://eds5000.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67034`	vulnerable	2026-06-03 15:11:01.331249	Details available An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges. Published: 2026-03-11T00:00:00.000Z Updated: 2026-03-12T14:31:58.900Z Open on db.gcve.eu Reference links http://lantronix.com http://eds5000.com https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Eds5016 Firmware

PURL mappings

Vulnerability references

Contribute