On April 21, 2026, cybersecurity researchers disclosed a collection of 22 security vulnerabilities, collectively identified as BRIDGE:BREAK, affecting serial-to-IP converters manufactured by Lantronix and Silex Technology. These devices serve as critical components in industrial and commercial environments, enabling legacy serial-based hardware to communicate over modern Internet Protocol networks. The flaws expose an estimated 20,000 devices globally to potential exploitation, including remote code execution and unauthorized data access.
The BRIDGE:BREAK vulnerabilities encompass a variety of technical weaknesses. Among the most severe are buffer overflows in the web-based management interfaces and command injection flaws within the network stacks. Researchers identified that several models, including the Lantronix xDirect, xPort, and UDS1100, contain hardcoded credentials that cannot be changed by the end-user. In the case of Silex Technology, the SD-300 and SD-310 serial device servers were found to have vulnerabilities in their implementation of the SNMP and Telnet protocols, which could allow an attacker to crash the device or execute arbitrary code.
Data from internet scanning platforms indicates that 19,842 unique IP addresses associated with these vulnerable devices are currently exposed to the public internet. The United States accounts for approximately 35 percent of these exposures, followed by Japan at 15 percent and Germany at 12 percent. The researchers emphasized that because these converters often sit at the intersection of operational technology and information technology networks, they represent a high-value target for threat actors seeking to pivot into sensitive internal environments.
Technical documentation released alongside the disclosure reveals that the vulnerabilities allow for the interception of cleartext serial data. In industrial settings, this could include commands sent to programmable logic controllers or data from medical monitoring equipment. The researchers demonstrated a proof-of-concept where an attacker could modify data packets in transit, potentially leading to physical malfunctions in connected machinery without triggering standard network alarms. This tampering capability is particularly concerning for sectors relying on precise telemetry, such as water treatment and energy distribution.
Both Lantronix and Silex Technology have responded to the findings. Lantronix has issued firmware updates for the xDirect and xPort product lines, specifically version 7.0.0.5 and 6.11.0.12, respectively. Silex Technology has released a security patch for the SD-300 series and recommended that users disable unused services such as Telnet and FTP. Security professionals are advised to conduct an immediate audit of their network perimeters to identify exposed serial-to-IP converters and apply the necessary patches or implement network segmentation to mitigate the risk of exploitation.