A critical code injection vulnerability in Lantronix EDS5000 devices allows for remote command execution and is currently being exploited in the wild.

This is a code injection vulnerability that allows an attacker to execute arbitrary commands on the underlying system. The flaw is exploitable by an unauthenticated attacker with network access to the device.

The exploitation of this vulnerability poses a catastrophic risk to organizational security, as it grants attackers full control over the affected hardware. Given the high CVSS score of 9.5 and confirmed active exploitation, this flaw can lead to complete system compromise, unauthorized access to sensitive network segments, and long-term persistence within the environment.

Immediate Action: Apply the vendor-supplied security patches or mitigations immediately, as this vulnerability is confirmed to be under active exploitation.

Proactive Monitoring: Review system logs for signs of unauthorized process execution or anomalous network traffic originating from the EDS5000 devices.

Compensating Controls: Isolate affected devices from the public internet using a WAF or VPN and restrict management access to trusted administrative IP addresses only.

Public Exploit Available: True

The active exploitation of this vulnerability in the wild makes this a top-tier priority. Security teams should treat all Lantronix EDS5000 units as compromised until they are updated or verified as protected. Immediate patching or isolation is required to mitigate the severe risk of remote code execution.