VYPR
Vendor

Lutron

Products
4
CVEs
5
Across products
5
Status
Private

Products

4

Recent CVEs

5
  • CVE-2018-11682CriJun 2, 2018
    risk 0.64cvss 9.8epss 0.04

    Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a…

  • CVE-2018-11681CriJun 2, 2018
    risk 0.64cvss 9.8epss 0.04

    Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id…

  • CVE-2018-11629CriJun 2, 2018
    risk 0.64cvss 9.8epss 0.04

    Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor…

  • CVE-2018-8880HigApr 23, 2018
    risk 0.53cvss 7.5epss 0.14

    Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.

  • CVE-2018-7276HigFeb 21, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.