← Voltar para CVEs
CVE-2025-67035
CRITICAL9.8
Descricao
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/11/2026
Ultima modificacao3/19/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
lantronix:eds5008lantronix:eds5008_firmwarelantronix:eds5016lantronix:eds5016_firmwarelantronix:eds5032lantronix:eds5032_firmware
Fraquezas (CWE)
CWE-94
Referencias
http://eds5000.com(cve@mitre.org)
http://lantronix.com(cve@mitre.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.