CVE-2018-11629

** DISPUTED ** Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lutron:stanza_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lutron:stanza:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lutron:radiora_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lutron:radiora_2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lutron:homeworks_qs_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lutron:homeworks_qs:-:*:*:*:*:*:*:*

Information

Published : 2018-06-02 06:29

Updated : 2019-06-27 11:15


NVD link : CVE-2018-11629

Mitre link : CVE-2018-11629


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

lutron

  • homeworks_qs_firmware
  • radiora_2
  • homeworks_qs
  • radiora_2_firmware
  • stanza_firmware
  • stanza