22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html

Publish Date: 2026-04-21 11:46:00

Source Domain: thehackernews.com

Ravie Lakshmanan | Apr 21, 2026 | Network Security / Vulnerability

Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.

The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed online globally.

“Some of these vulnerabilities allow attackers to take full control of mission-critical devices connected via serial links,” the cybersecurity company said in a report shared with The Hacker News.

Serial-to-IP converters are hardware devices that enable users to remotely access, control, and manage any serial device over an IP network or the internet by “bridging” legacy applications and industrial control systems (ICS) that operate over TCP/IP.

At a high level, as many as eight security flaws have been discovered in Lantronix products (EDS3000PS Series and EDS5000 Series) and 14 in Silex SD330-AC. These shortcomings fall under the following broad categories –

  • Remote code execution – CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, and CVE-2025-67038
  • Client-side code execution – CVE-2026-32963
  • Denial-of-service (DoS) – CVE-2026-32961, CVE-2015-5621, CVE-2024-24487
  • Authentication bypass – CVE-2026-32960, CVE-2025-67039
  • Device takeover – FSCT-2025-0021 (no CVE assigned), CVE-2026-32965, CVE-2025-70082
  • Firmware tampering – CVE-2026-32958
  • Configuration tampering – CVE-2026-32962, CVE-2026-32964
  • Information disclosure – CVE-2026-32959
  • Arbitrary file upload – CVE-2026-32957

Successful exploitation of the aforementioned flaws could allow attackers to disrupt serial communications with field assets, conduct lateral movement, and tamper with sensor values or modify actuator behavior.

In a hypothetical attack…
