Cybersecurity researchers at Forescout’s Vedere Labs disclosed a collection of 22 security vulnerabilities on April 21, 2026, affecting serial-to-IP converters manufactured by Lantronix and Silex Technology. Collectively titled BRIDGE:BREAK, these flaws expose approximately 20,000 devices globally to potential remote exploitation, including unauthorized access, data interception, and full system compromise. The discovery highlights persistent security challenges in legacy hardware integration within modern networked environments.
Serial-to-IP converters are critical infrastructure components used to connect legacy serial-based equipment—such as industrial sensors, medical devices, and point-of-sale systems—to modern Ethernet or Wi-Fi networks. The BRIDGE:BREAK research highlights significant security gaps in how these devices handle network traffic and administrative functions. Of the 22 identified vulnerabilities, 11 reside in Lantronix firmware and 11 in Silex Technology firmware. These devices are often overlooked in standard IT security audits despite their role in bridging physical operations with digital management systems.
Technical analysis reveals that the vulnerabilities range from critical buffer overflows to the use of hardcoded credentials and insecure configuration protocols. Specifically, researchers found that Lantronix devices, including the xPort and EDS families, contain flaws in their web-based management interfaces and Telnet services. These flaws allow an unauthenticated attacker to execute arbitrary code or bypass authentication mechanisms entirely. In the case of Silex Technology, models such as the SD-300 and SX-BR-4600 are affected by vulnerabilities in their discovery protocols and administrative consoles, which can be leveraged to gain root-level access.
Data from internet-wide scanning tools indicates that 19,842 unique devices are currently exposed to the public internet. The geographic distribution of these devices is widespread, with the highest concentrations found in the United States, Japan, and Germany. Affected sectors include healthcare, where converters connect patient monitors to hospital networks; manufacturing, where they bridge programmable logic controllers (PLCs); and retail, where they facilitate communication for legacy credit card terminals and inventory scanners.
The impact of a successful BRIDGE:BREAK exploitation is severe. Because these devices sit at the intersection of physical operations and digital networks, a compromised converter can serve as a persistent entry point for lateral movement within a corporate or industrial network. Furthermore, attackers can manipulate the data passing through the converter, potentially altering sensor readings in a factory or patient data in a clinical setting without triggering immediate alarms. This capability for silent data tampering poses a significant risk to operational integrity.
As of April 21, 2026, both Lantronix and Silex Technology have been notified of the findings. Lantronix has released firmware updates for several affected models, including version 7.0.0.4 for the xPort series, to address the most critical flaws. Silex Technology has issued security advisories and recommended that users disable unused services such as Telnet and implement strict access control lists (ACLs) to limit device exposure. Security professionals are advised to move these devices behind firewalls and utilize virtual private networks (VPNs) for remote management to mitigate the risk of exploitation.