Lantronix EDS5000 OS Command Injection Vulnerability Allowing Root Privilege Execution

Vulnerability

Lantronix EDS5000 version 2.1.0.0R3 contains multiple OS command injection vulnerabilities caused by inadequate input sanitization on the SSH Client and SSH Server pages. An attacker can inject arbitrary commands into the delete actions for various objects, including server keys, users, and known hosts. The injected commands are executed with root privileges.
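One way to close this class of flaw in a delete action, as an added example that is not Lantronix code: the object name is checked against an allow-list and then passed to the helper program as a single argv element, so no shell ever parses it. The function names, the name policy and the helper path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy: 1-64 characters from [A-Za-z0-9._-], not starting with
 * '-' or '.', so the name cannot carry shell metacharacters, whitespace,
 * path separators, or look like a command-line option. */
int valid_object_name(const char *s)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
    size_t n;
    if (s == NULL)
        return 0;
    n = strlen(s);
    if (n == 0 || n > 64 || s[0] == '-' || s[0] == '.')
        return 0;
    return strspn(s, allowed) == n;
}

/* Hypothetical delete handler. Returns -1 when the name is rejected or the
 * helper cannot be run, otherwise the helper's exit status. */
int delete_object(const char *helper, const char *name)
{
    pid_t pid;
    int status;
    if (!valid_object_name(name))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* The name is one argv element; "--" ends option parsing. */
        char *const argv[] = { (char *)helper, (char *)"--", (char *)name, NULL };
        execv(helper, argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs: one ordinary name, one carrying a metacharacter. */
    printf("%d %d\n", valid_object_name("admin"), valid_object_name("admin;id"));
    return 0;
}
```

Validation and shell-free execution are independent layers: either one alone blocks the injection, and keeping both means a later change to the name policy does not reopen it.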

Impact

Exploitation of this vulnerability allows for authentication bypass and execution of injected commands with root-level privileges.

Added: Mar 11, 2026, 5:35 PM
Updated: Mar 11, 2026, 5:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.