9.1
CVE-2025-67039
- EPSS 0.39%
- Veröffentlicht 11.03.2026 00:00:00
- Zuletzt bearbeitet 23.06.2026 19:09:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lantronix ≫ Eds3016ps1ns Firmware Version3.1.0.0r2
Lantronix ≫ Eds3008ps1ns Firmware Version3.1.0.0r2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.302 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
http://lantronix.com
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02
http://eds3000ps.com