lantronix

Top products

The 15 most recently published vulnerabilities affecting lantronix.

• CVE-2025-70082An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component9.8Mar 11, 2026
• CVE-2025-67041An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the or...9.8Mar 11, 2026
• CVE-2025-67039An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header tha...9.1Mar 11, 2026
• CVE-2025-67038An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the c...9.8Mar 11, 2026
• CVE-2025-67037An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed...8.8Mar 11, 2026
• CVE-2025-67036An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authe...8.8Mar 11, 2026
• CVE-2025-67035An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An...9.8Mar 11, 2026
• CVE-2025-67034An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. In...8.8Mar 11, 2026
• CVE-2025-7766Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference8.0Jul 22, 2025
• CVE-2025-4338Lantronix Device Installer Improper Restriction of XML External Entity Reference6.8May 22, 2025
• CVE-2025-2567Lantronix Xport Missing Authentication for Critical Function9.8Apr 15, 2025
• CVE-2023-7237Lantronix XPort Weak Encoding for Password5.7Jan 23, 2024
• CVE-2021-21896A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary f...6.5Dec 22, 2021
• CVE-2021-21895A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwr...7.2Dec 22, 2021
• CVE-2021-21894A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file ove...9.1Dec 22, 2021