CVE-2025-67039
Authentication Bypass in Lantronix EDS3000PS Management Interface
Publication date: 2026-03-11
Last updated on: 2026-03-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lantronix | eds3016ps1ns_firmware | 3.1.0.0 |
| lantronix | eds3008ps1ns_firmware | 3.1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
By bypassing authentication on management pages, an attacker could gain unauthorized access to administrative functions of the Lantronix EDS3000PS device. This could lead to unauthorized configuration changes, exposure of sensitive information, or disruption of device operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in Lantronix EDS3000PS version 3.1.0.0R2. It allows an attacker to bypass the authentication mechanism on the management pages. The bypass is achieved by appending a specific suffix to the URL and sending an Authorization header that uses "admin" as the username.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know