CVE-2025-67039
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
An authentication bypass vulnerability was discovered in Lantronix EDS3000PS version 3.1.0.0R2. By appending a specific suffix to the URL and sending an Authorization header with the username 'admin', an attacker can bypass authentication on management pages.
Risk Assessment
An attacker can gain unauthorized access to the device's administrative panel, potentially leading to full control over the network device and compromising network security.
Recommendation
Immediately update the Lantronix EDS3000PS firmware to the latest available version that addresses this vulnerability. As a temporary measure, restrict access to the management interface to trusted IP addresses only.
Original NVD description (English source)
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.

