Lantronix
lantronix
43 CVEs • 25 products
Products (25)
Click to collapseToggle
Products (25)
Click to collapse
CVEs (43)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Lantronix 2Eds3008ps1ns Firmware Eds3016ps1ns FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component |
1Lantronix 2Eds3008ps1ns Firmware Eds3016ps1ns FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and exec...Show more |
1Lantronix 2Eds3008ps1ns Firmware Eds3016ps1ns FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the u...Show more |
1Lantronix 3Eds5008 Firmware Eds5016 FirmwareEds5032 FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sani...Show more |
1Lantronix 3Eds5008 Firmware Eds5016 FirmwareEds5032 FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges. |
1Lantronix 3Eds5008 Firmware Eds5016 FirmwareEds5032 FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can i...Show more |
1Lantronix 3Eds5008 Firmware Eds5016 FirmwareEds5032 FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject ar...Show more |
1Lantronix 3Eds5008 Firmware Eds5016 FirmwareEds5032 FirmwareMar 19, 2026 Mar 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are exe...Show more |
Lantronix XPort sends weakly encoded credentials within web request headers.
|
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attack...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can ma...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 9.1 CRITICAL· v3 6.5 MEDIUM· v2 A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disc...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An atta...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 9.1 CRITICAL· v3 6.5 MEDIUM· v2 A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in t...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 9.1 CRITICAL· v3 6.5 MEDIUM· v2 A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in t...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 9.1 CRITICAL· v3 9.0 HIGH· v2 An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execu...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 9.1 CRITICAL· v3 6.5 MEDIUM· v2 A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make...Show more |
1Lantronix 1Premierwave 2050 Firmware Nov 21, 2024 Dec 22, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authe...Show more |