Lutron
Products
4- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11682 | Cri | 0.64 | 9.8 | 0.04 | Jun 2, 2018 | Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a… | ||
| CVE-2018-11681 | Cri | 0.64 | 9.8 | 0.04 | Jun 2, 2018 | Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id… | ||
| CVE-2018-11629 | Cri | 0.64 | 9.8 | 0.04 | Jun 2, 2018 | Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor… | ||
| CVE-2018-8880 | Hig | 0.53 | 7.5 | 0.14 | Apr 23, 2018 | Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. | ||
| CVE-2018-7276 | Hig | 0.49 | 7.5 | 0.01 | Feb 21, 2018 | An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device. |
- risk 0.64cvss 9.8epss 0.04
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a…
- risk 0.64cvss 9.8epss 0.04
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id…
- risk 0.64cvss 9.8epss 0.04
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor…
- risk 0.53cvss 7.5epss 0.14
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.