Security Advisory – X300 Series Firmware Update

Date: June 29, 2026

Overview

Lantronix has addressed multiple security vulnerabilities affecting the X300 Series Router. These vulnerabilities could allow an attacker to perform unauthorized actions under specific conditions.

The following CVEs are addressed by firmware release 2.6.0.4R6 published on June 29th, 2026.

  • CVE-2025-67034
  • CVE-2025-67036
  • CVE-2025-67037
  • CVE-2025-67038

Recommended Actions

Interim Mitigation (if unable to patch immediately)

  • Replace default credentials, and prohibit weak passwords, to reduce the risk of brute force attacks and exploitation of authenticated vulnerabilities.
  • Restrict network access to affected devices.
  • Place affected devices behind a firewall.
  • Limit management interfaces to trusted networks only.

Support

For technical assistance or questions regarding this advisory, please contact:

Email: [email protected]
Alternative Contact (if applicable): [email protected]