BRIDGE:BREAK: 22 Flaws Expose 20,000+ Serial-to-IP Converters to Takeover
Original source: 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters (The Hacker News)
Researchers disclosed 22 vulnerabilities, collectively dubbed BRIDGE:BREAK, affecting serial-to-IP converters manufactured by Lantronix and Silex. These devices act as bridges between legacy serial equipment and modern IP networks, and they are deployed widely across industrial control systems, medical equipment, building automation, and remote management infrastructure. More than 20,000 exposed devices have been identified, many reachable from the public internet.
The flaw classes span authentication bypass, hardcoded credentials, command injection, and memory corruption — the typical pattern in long-lived embedded firmware that predates modern secure-development practices. Exploitation lets an attacker pivot from the IP side of the bridge directly into whatever serial-attached gear sits behind it: PLCs, sensors, power controls, or management consoles that were never intended to face a network at all. That conversion of an isolation assumption into a remote-code-execution surface is the real impact, not any single CVE in isolation.
The exposure follows a familiar OT/IoT trajectory: devices designed for air-gapped environments get network-enabled for convenience, the bridging appliance becomes the weakest link, and patching cadence across thousands of field-deployed units lags by years. Operators running Lantronix or Silex converters should inventory deployments, pull them off the public internet, and segment them behind authenticated gateways until vendor firmware updates are applied.
This is an AI-generated summary. Read the original for the full story.