9.8

CVE-2025-67041

Medienbericht
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LantronixEds3016ps1ns Firmware Version3.1.0.0 Updater2
   LantronixEds3016ps1ns Version-
LantronixEds3008ps1ns Firmware Version3.1.0.0 Updater2
   LantronixEds3008ps1ns Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.177
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CWE-620 Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02
Third Party Advisory
US Government Resource
http://eds3000ps.com
Not Applicable