20260421-thehackernews.com-83195 | Perceptive Security

< Back to index

22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

Published:

21 April 2026 at 15:46:00

Alert date:

21 April 2026 at 16:01:13

Source:

thehackernews.com

Network Infrastructure, Critical Infrastructure, Mobile & IoT

Forescout Research Vedere Labs discovered 22 new vulnerabilities collectively named BRIDGE:BREAK affecting Lantronix and Silex serial-to-IP converters. These flaws could allow attackers to hijack susceptible devices and tamper with data exchanged by them. Nearly 20,000 Serial-to-Ethernet converters are exposed to these vulnerabilities. The affected devices are popular models used to convert serial communication to IP networks. The vulnerabilities pose significant risks to industrial and network infrastructure that relies on these conversion devices.

Technical details

22 vulnerabilities in serial-to-IP converters from Lantronix and Silex, collectively codenamed BRIDGE:BREAK. These devices bridge legacy applications and industrial control systems that operate over TCP/IP. Nearly 20,000 Serial-to-Ethernet converters are exposed online globally. Vulnerabilities include remote code execution, client-side code execution, denial-of-service, authentication bypass, device takeover, firmware tampering, configuration tampering, information disclosure, and arbitrary file upload. Attackers could disrupt serial communications, conduct lateral movement, tamper with sensor values or modify actuator behavior.

Mitigation steps:

Apply security updates from vendors, replace default credentials, avoid using weak passwords, segment networks to prevent access to vulnerable serial-to-IP converters, ensure devices are not exposed to the internet, treat security implications as a core operational requirement when deploying these devices to connect legacy serial equipment to IP networks

Affected products:

Lantronix EDS3000PS Series
Lantronix EDS5000 Series
Silex SD330-AC