Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Lantronix EDS3000PS/EDS5000PS and Silex SD330-AC serial-to-IP vulnerabilities multiple vulnerabilities security flaw (CVE-2025-70082)

Vulnerability
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Forescout researchers disclosed 20 new vulnerabilities in Lantronix EDS3000PS/EDS5000PS and Silex SD330-AC serial-to-IP converters, putting industrial network infrastructure at risk of takeover and code execution. The most serious findings include multiple RCE flaws in the EDS5000PS and CVE-2025-70082 in the EDS3000PS, a CVSS 9.8 password-change weakness that can let an attacker seize the device and lock out administrators. The study also found that the firmware stacks behind these converters carry thousands of known vulnerabilities, making hardening and patching especially difficult.

Related Happenings

Linux distributions mitigation advisories for CVE-2026-31431

Advisory/Mitigation
First: 30.04.2026 12:24 Last: 30.04.2026 12:24 Sources 1

About this happening: Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...

Open Happening

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

Open Happening

DrayTek Vigor router CVE-2025-10547 mitigation advisory

Advisory/Mitigation
First: 02.10.2025 20:37 Last: 02.10.2025 20:37 Sources 1

About this happening: **DrayTek** issued mitigation guidance for **CVE-2025-10547** affecting multiple **Vigor router** models, because unauthenticated remote requests to the **WebUI** can lead to memo...

Open Happening

Cisco SNMP mitigation guidance for CVE-2025-20352

Advisory/Mitigation
First: 25.09.2025 09:30 Last: 25.09.2025 09:30 Sources 1

About this happening: **Cisco** issued mitigation guidance for **CVE-2025-20352** on **SNMP-enabled IOS and IOS XE systems**, warning administrators to reduce exposure on devices that remain vulnerable...

Open Happening

Howyar Reloader UEFI application Secure Boot bypass flaw (CVE-2024-7344)

Vulnerability
First: 12.09.2025 14:50 Last: 12.09.2025 14:50 Sources 1

About this happening: **HybridPetya** is a newly disclosed **ransomware/bootkit** strain that exploits **CVE-2024-7344** in the **Howyar Reloader UEFI application** to bypass **UEFI Secure Boot** on **...

Open Happening

Timeline

  1. 21.04.2026 00:00 2 articles · 1mo ago

    Forescout disclosure of serial-to-IP converter vulnerabilities

    Initial Disclosure

    Forescout researchers disclosed 20 new vulnerabilities in serial-to-IP converters used in industrial networks, including eight previously undisclosed bugs in Lantronix EDS3000PS and EDS5000PS models and 12 bugs in Silex SD330-AC. The findings included multiple remote code execution flaws in the EDS5000PS, two rated CVSS 9.8, and CVE-2025-70082 in the EDS3000PS, a CVSS 9.8 weakness that let a user change the device password through the Web interface without entering the old password, creating a path to device takeover and administrator lockout. The research also found that the firmware stacks behind these devices carried hundreds or thousands of known vulnerabilities across outdated Linux kernels and open source components.

    Show sources
    Open in new tab