22 BRIDGE:BREAK Errors Revealing Thousands of Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be used to hack into vulnerable devices and intercept data exchanged by them.
Risks are collectively assumed BRIDGE: BREAK by Forescout Research Vedere Labs, which has identified nearly 20,000 serial-to-Ethernet converters exposed on the Internet worldwide.
“Some of these vulnerabilities allow attackers to gain full control over critical equipment connected via serial links,” the cybersecurity firm said in a report shared with Hacker News.
Serial-to-IP converters are hardware devices that allow users to remotely access, control, and manage any serial device over an IP network or the Internet by “bypassing” legacy applications and industrial control systems (ICS) that run over TCP/IP.
At the highest level, up to eight security flaws were found in Lantronix products (EDS3000PS Series and EDS5000 Series) and 14 in the Silex SD330-AC. These shortcomings fall under the following broad categories –
- Remote code execution – CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025-67034, CVE-2025-67035, CVE-6033, CVE-2033, CVE-2041 CVE-2025-67037, and CVE-2025-67038
- Client-side code execution – CVE-2026-32963
- Denial-of-service (DoS) – CVE-2026-32961, CVE-2015-5621, CVE-2024-24487
- Authentication bypass – CVE-2026-32960, CVE-2025-67039
- Device exploit – FSCT-2025-0021 (no CVE assigned), CVE-2026-32965, CVE-2025-70082
- Firmware tampering – CVE-2026-32958
- Configuration bug – CVE-2026-32962, CVE-2026-32964
- Information disclosure – CVE-2026-32959
- Arbitrary file upload – CVE-2026-32957
Successful exploitation of the aforementioned flaws may allow attackers to disrupt serial communications with field assets, drive joint motions, and disrupt sensor values or change actuator behavior.
In the case of a hypothetical attack, a threat actor could gain initial access to a remote location using an edge device exposed to the Internet, such as an industrial router or firewall, and use the BRIDGE:BREAK vulnerability to compromise the serial-to-IP converter, and modify serial data to and from the IP network.
Lantronix and Silex have released security updates to address the identified issues –
In addition to using patches, users are advised to replace default credentials, avoid using weak passwords, network components to prevent bad actors from accessing vulnerable serial-to-IP converters or using them as jumping points for other valuable assets, and ensure that devices are not exposed to the Internet.
“This study highlights vulnerabilities in serial-to-IP converters and the risks they can present in critical environments,” Forescout said. “As these devices are increasingly used to connect legacy serial devices to IP networks, vendors and end users must treat their security implications as a key operational requirement.”
