Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: lantronix (2 articles)Clear

Ubiquiti UniFi and Lantronix flaws now exploited; CISA sets June 26 deadline

CISA has confirmed active exploitation of four critical flaws in Ubiquiti UniFi OS and Lantronix EDS5000 devices, adding them to its Known Exploited Vulnerabilities catalog with a June 26 deadline for federal agencies. Three UniFi OS bugs (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910), each rated 10.0, can be chained for unauthenticated remote code execution and root; attackers were seen creating rogue admin accounts. The Lantronix flaw (CVE-2025-67038) is an unauthenticated root command injection in the EDS5000 serial console server. Ubiquiti patched UniFi OS Server in version 5.0.8, and Lantronix in firmware 2.2.0.0R1. Compromised network appliances let attackers pivot deep into internal networks.

Check
Inventory Ubiquiti UniFi OS consoles and gateways and any Lantronix EDS5000 device servers, confirm their firmware versions, and review logs for unexpected admin accounts or commands, especially on internet-reachable management interfaces.
Affected
UniFi OS devices before Server version 5.0.8 (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) and Lantronix EDS5000 on firmware 2.1.0.0R3 (CVE-2025-67038); unauthenticated attackers can reach root and pivot inward.
Fix
Update UniFi OS to 5.0.8 or later and Lantronix EDS5000 to firmware 2.2.0.0R1 before the June 26 deadline, and restrict device management interfaces to trusted networks until patched.

BRIDGE:BREAK - 22 new flaws expose ~20,000 internet-facing Lantronix and Silex serial-to-IP converters to full takeover

Forescout Vedere Labs disclosed BRIDGE:BREAK, a set of 22 new vulnerabilities in serial-to-IP converters from Lantronix and Silex that together expose roughly 20,000 devices visible on the open internet. Serial-to-IP converters bridge legacy serial-port equipment (older industrial PLCs, building-automation controllers, medical devices, laboratory instruments) to modern TCP/IP networks, so attackers compromising them can read and tamper with the raw serial traffic flowing to field equipment. Eight flaws affect Lantronix EDS3000PS and EDS5000 series; fourteen affect Silex SD330-AC. The categories span unauthenticated remote code execution (CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67034 through 67038, CVE-2025-67041), authentication bypass (CVE-2026-32960, CVE-2025-67039), full device takeover (CVE-2026-32965, CVE-2025-70082, plus FSCT-2025-0021 with no CVE assigned), firmware tampering (CVE-2026-32958), arbitrary file upload (CVE-2026-32957), and information disclosure (CVE-2026-32959). The researchers describe a realistic kill chain where an attacker first pops an internet-facing edge device like an industrial router, then pivots through a compromised serial-to-IP converter to silently alter sensor readings or actuator commands flowing to field assets - data-integrity attacks that are invisible to most OT monitoring. Both vendors have released firmware updates.

Check
Search your asset inventory and external-attack-surface data for any Lantronix EDS3000PS, EDS5000, or Silex SD330-AC devices, then confirm they are both patched and not directly internet-exposed.
Affected
Lantronix EDS3000PS Series and EDS5000 Series; Silex SD330-AC. Vulnerable firmware versions listed per device in the respective Lantronix and Silex advisories.
Fix
Apply the firmware updates Lantronix and Silex have released for each affected model (see vendor advisories for version-specific fixes). Replace default credentials, put these devices behind network segmentation, and remove all direct internet exposure - serial-to-IP converters have no business being reachable from the public internet. Add Shodan/Censys monitoring for your ASN to catch rogue or forgotten deployments. If you cannot patch immediately, take the devices offline rather than leave them on the internet.