22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters  Ravie Lakshmanan  Apr 21, 2026 Network Security / Vulnerability Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed online globally. "Some of these vulnerabilities allow attackers to take full control of mission-critical devices connected via serial links," the cybersecurity company said in a report shared with The Hacker News. Serial-to-IP converters are hardware devices that enable users to remotely access, control, and manage any serial device over an IP network or the internet by "bridging" legacy applications and industrial control systems (ICS) that operate over TCP/IP. At a high level, as many as eight security flaws have been discovered in Lantronix products (EDS3000PS Series and EDS5000 Series) and 14 in Silex SD330-AC. These shortcomings fall under the following broad categories - Remote code execution - CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, and CVE-2025-67038 Client-side code execution - CVE-2026-32963 Denial-of-service (DoS) - CVE-2026-32961, CVE-2015-5621, CVE-2024-24487 Authentication bypass - CVE-2026-32960, CVE-2025-67039 Device takeover - FSCT-2025-0021 (no CVE assigned), CVE-2026-32965, CVE-2025-70082 Firmware tampering - CVE-2026-32958 Configuration tampering - CVE-2026-32962, CVE-2026-32964 Information disclosure - CVE-2026-32959 Arbitrary file upload - CVE-2026-32957 Successful exploitation of the aforementioned flaws could allow attackers to disrupt serial communications with field assets, conduct lateral movement, and tamper with sensor values or modify actuator behavior. In a hypothetical attack scenario, a threat actor could gain initial access to a remote facility through an internet-exposed edge device , such as an industrial router or firewall, and then weaponize BRIDGE:BREAK vulnerabilities to compromise the serial-to-IP converter, and alter serial data moving to or from the IP network. Lantronix and Silex have released security updates to address the identified issues - Lantronix EDS3000PS Series Lantronix EDS5000 Series Silex Besides applying patches, users are advised to replace default credentials, avoid using weak passwords, segment networks to prevent bad actors from reaching vulnerable serial-to-IP converters or using them as jumping-off points to other critical assets, and ensure the devices are not exposed to the internet. "This research highlights weaknesses in serial-to-IP converters and the risks they can introduce in critical environments," Forescout said. "As these devices are increasingly deployed to connect legacy serial equipment to IP networks, vendors and end-users should treat their security implications as a core operational requirement." Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post. SHARE      Tweet  Share  Share  Share   Share on Facebook  Share on Twitter  Share on Linkedin  Share on Reddit  Share on Hacker News  Share on Email  Share on WhatsApp Share on Facebook Messenger  Share on Telegram SHARE  cybersecurity , Firmware Security , industrial control system , network security , remote code execution , Vulnerability Trending News 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation The Hidden Security Risks of Shadow AI in Enterprises Your MTTD Looks Great. Your Post-Alert Gap Doesn't Popular Resources Discover Key AI Security Gaps CISOs Face in 2026 Fix Rising Application Security Risks Driven by AI Development Automate Alert Triage and Investigations Across Every Threat How to Identify Risky Browser Extensions in Your Organization