Router CVE Weekly Digest — Week of Mar 9, 2026

Affected Vendors (42 CVEs this week):

• Fortinet – 22 CVEs
• Lantronix – 8 CVEs
• Cisco – 6 CVEs
• ASUS – 3 CVEs
• Palo Alto Networks – 2 CVEs
• TP-Link – 1 CVE

Critical Vulnerabilities Demand Immediate Attention

This week brings a significant spike in critical router and network device vulnerabilities, with five CVEs rated critical (CVSS 9.1–9.8). Lantronix devices dominate the critical list, accounting for five of the worst flaws identified. If you manage Lantronix EDS3000PS or EDS5000 units in your environment, firmware updates should be your top priority.

The most severe issues include:

• CVE-2025-70082, CVE-2025-67038, and CVE-2025-67041 (all CVSS 9.8) affect command execution and input validation across Lantronix devices. CVE-2025-70082 allows arbitrary code execution via the ltrx_evo component. CVE-2025-67038 enables command injection through unauthenticated login failures, while CVE-2025-67041 exploits unsanitized TFTP parameters in the Filesystem Browser.
• CVE-2025-67035 (CVSS 9.8) introduces OS injection flaws in SSH configuration pages on the EDS5000, and CVE-2025-67039 (CVSS 9.1) bypasses authentication entirely by manipulating URL suffixes and headers on the EDS3000PS.

These are not theoretical risks—they require no special authentication or user interaction in several cases. Action item: Check Lantronix device firmware versions immediately and deploy patches from vendor advisories.

Fortinet Surge: 22 Vulnerabilities Across Multiple Products

Fortinet reported 22 CVEs this week, making it the vendor with the highest volume. While none reach critical severity, the diversity of affected products is concerning. High-severity flaws include:

• CVE-2026-22627 (CVSS 8.8): A classic buffer overflow in FortiSwitchAXFixed affecting versions 1.0.0–1.0.1
• CVE-2025-54820 (CVSS 8.1): Stack-based buffer overflow in FortiManager 7.2.0–7.4.2
• CVE-2026-24017 (CVSS 8.1): Rate-limiting bypass in FortiWeb 7.6.0–8.0.2
• CVE-2026-22572 (CVSS 7.2): Authentication bypass in FortiAnalyzer via alternate channel access
• CVE-2026-25836 (CVSS 7.2): OS command injection in FortiSandbox Cloud 5.0.4

The breadth suggests ongoing quality control challenges across Fortinet's product line. MSPs managing Fortinet appliances should prioritize patch cycles for FortiManager, FortiAnalyzer, and FortiWeb platforms. Review your version inventory against the affected ranges above.

Cisco IOS XR: Privilege Escalation and Root Command Execution

Cisco reported six CVEs, with two high-severity flaws in IOS XR Software that allow authenticated local attackers to escalate privileges or execute arbitrary commands as root:

• CVE-2026-20046 (CVSS 8.8): Improper task group assignment in a CLI command
• CVE-2026-20040 (CVSS 8.8): Direct root command execution via CLI
• CVE-2026-20074 (CVSS 7.4): IS-IS routing denial-of-service

The privilege escalation risks are significant for organizations using IOS XR in core routing infrastructure. These require local access, which reduces exposure in some environments but is critical for enterprises with remote hands-on management. Check for available IOS XR patches and prioritize lab testing before broad deployment.

TP-Link and Additional High-Risk Findings

CVE-2026-3841 (CVSS 8.8) identifies a command injection vulnerability in the TP-Link TL-MR6400 v5.3 Telnet CLI—a common device in small business and branch networks. Telnet access is often enabled by default; verify whether your TL-MR6400 units expose this interface externally.

Lantronix also reports three additional high-severity flaws (CVE-2025-67036, CVE-2025-67037, CVE-2025-67034) involving authenticated OS command injection in the EDS5000, extending the attack surface beyond the critical issues.

Recommendations

• Lantronix users: Treat this as emergency-level. All five critical CVEs affect active device lines; contact vendor support for firmware availability and test in isolated environments first.
• Fortinet environments: Catalog versions of FortiManager, FortiAnalyzer, FortiWeb, and FortiSwitchAXFixed against the vulnerable ranges. Schedule patching this week.
• Cisco IOS XR: Verify which routers run affected versions and check Cisco's advisories for patch availability. Prioritize lab validation for core infrastructure.
• TP-Link TL-MR6400: Disable Telnet management access if not actively required; update to v5.4 or later when available.