
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

Source: The Hacker News | Archived Apr 21, 2026

Ravie Lakshmanan | Apr 21, 2026 | Network Security / Vulnerability

Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.

The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed online globally.

"Some of these vulnerabilities allow attackers to take full control of mission-critical devices connected via serial links," the cybersecurity company said in a report shared with The Hacker News.

Serial-to-IP converters are hardware devices that enable users to remotely access, control, and manage any serial device over an IP network or the internet by "bridging" legacy applications and industrial control systems (ICS) that operate over TCP/IP.

At a high level, as many as eight security flaws have been discovered in Lantronix products (EDS3000PS Series and EDS5000 Series) and 14 in Silex SD330-AC.
These shortcomings fall under the following broad categories:

- Remote code execution: CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, and CVE-2025-67038
- Client-side code execution: CVE-2026-32963
- Denial-of-service (DoS): CVE-2026-32961, CVE-2015-5621, CVE-2024-24487
- Authentication bypass: CVE-2026-32960, CVE-2025-67039
- Device takeover: FSCT-2025-0021 (no CVE assigned), CVE-2026-32965, CVE-2025-70082
- Firmware tampering: CVE-2026-32958
- Configuration tampering: CVE-2026-32962, CVE-2026-32964
- Information disclosure: CVE-2026-32959
- Arbitrary file upload: CVE-2026-32957

Successful exploitation of the aforementioned flaws could allow attackers to disrupt serial communications with field assets, conduct lateral movement, and tamper with sensor values or modify actuator behavior.

In a hypothetical attack scenario, a threat actor could gain initial access to a remote facility through an internet-exposed edge device, such as an industrial router or firewall, and then weaponize BRIDGE:BREAK vulnerabilities to compromise the serial-to-IP converter, and alter serial data moving to or from the IP network.

Lantronix and Silex have released security updates to address the identified issues:

- Lantronix EDS3000PS Series
- Lantronix EDS5000 Series
- Silex

Besides applying patches, users are advised to replace default credentials, avoid using weak passwords, segment networks to prevent bad actors from reaching vulnerable serial-to-IP converters or using them as jumping-off points to other critical assets, and ensure the devices are not exposed to the internet.

"This research highlights weaknesses in serial-to-IP converters and the risks they can introduce in critical environments," Forescout said. "As these devices are increasingly deployed to connect legacy serial equipment to IP networks, vendors and end-users should treat their security implications as a core operational requirement."