Full Report
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed
Analysis Summary
# Vulnerability: BRIDGE:BREAK - 22 Security Flaws in Serial-to-IP Converters
## CVE Details
- **CVE IDs:**
- **RCE:** CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038
- **Auth Bypass:** CVE-2026-32960, CVE-2025-67039
- **Device Takeover:** CVE-2026-32965, CVE-2025-70082, FSCT-2025-0021
- **DoS/Other:** CVE-2026-32961, CVE-2015-5621, CVE-2024-24487, CVE-2026-32963 (Client-side), CVE-2026-32958 (Firmware), CVE-2026-32962, CVE-2026-32964, CVE-2026-32959, CVE-2026-32957
- **CVSS Score:** Not explicitly listed per CVE in text, but described as **Critical/High** (allows full control of mission-critical devices).
- **CWE:** Multiple (includes Remote Code Execution, Authentication Bypass, Arbitrary File Upload, and Denial of Service).
## Affected Systems
- **Products:**
- Lantronix EDS3000PS Series
- Lantronix EDS5000 Series (EDS5008, EDS5016, EDS5032)
- Silex SD-330AC
- **Versions:** All versions prior to the 2026 security patches.
- **Configurations:** Devices exposed directly to the internet or reachable via compromised edge routers/firewalls.
## Vulnerability Description
The BRIDGE:BREAK vulnerabilities affect the "bridge" between legacy serial protocols and modern IP networks. The flaws range from memory corruption and insecure firmware update mechanisms to logic errors in authentication. Attackers can exploit these to gain Remote Code Execution (RCE), bypass login requirements, or upload arbitrary files. Because these devices often lack robust protection against modern network attacks, they serve as a weak point for pivoting from IT networks into Industrial Control Systems (ICS).
## Exploitation
- **Status:** PoC available (developed by Forescout Research; no confirmed "in-the-wild" exploitation reported in the immediate text).
- **Complexity:** Medium (requires knowledge of serial-to-IP protocol bridging).
- **Attack Vector:** Network (Remote).
## Impact
- **Confidentiality:** High (Information disclosure and data interception).
- **Integrity:** High (Tampering with serial data, sensor values, and actuator behavior).
- **Availability:** High (Denial of Service and full device takeover).
## Remediation
### Patches
- **Lantronix:** Update EDS3000PS and EDS5000 Series to the latest firmware versions available via the Lantronix support portal.
- **Silex:** Apply the security updates specified in Silex Advisory 2026-001.
### Workarounds
- **Network Segmentation:** Isolate serial-to-IP converters from the public internet and guest networks.
- **Credential Hygiene:** Replace all default vendor credentials with strong, unique passwords.
- **Access Control:** Restrict management interface access to authorized internal IP addresses only.
## Detection
- **Indicators of Compromise:** Unusual configuration changes, unauthorized firmware update attempts, or spikes in traffic on serial management ports.
- **Detection Methods:** Use Forescout’s research tools or OT-specific IDS to monitor for exploitation attempts against the listed CVEs. Scan for exposed devices using Shodan or Censys.
## References
- Forescout Research: hxxps://www[.]forescout[.]com/research-labs/bridgebreak-vulnerabilities-thrive-in-serial-to-ethernet-converters/
- Lantronix EDS3000PS Firmware: hxxps://ltrxdev[.]atlassian[.]net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series
- Lantronix EDS5000 Series Firmware: hxxps://ltrxdev[.]atlassian[.]net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032
- Silex Security Advisory: hxxps://www[.]silex[.]jp/support/security-advisories/en/2026-001