VYPR

Quantum BACnet Integration

by Lutron

CVEs (2)

  • CVE-2018-8880HigApr 23, 2018
    risk 0.53cvss 7.5epss 0.14

    Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.

  • CVE-2018-7276HigFeb 21, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.