THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2018-11682

Reserved:2018-06-02
Published:2018-06-02
Updated:2024-06-10

Description

Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine

References

http://sadfud.me/explotos/CVE-2018-11629

https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/

http://www.lutron.com/TechnicalDocumentLibrary/040249.pdf

cve.org CVE-2018-11682

nvd.nist.gov CVE-2018-11682

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2018-11682