Lutron Quantum Bacnet Integration Firmware vulnerabilities
2 known vulnerabilities affecting lutron/quantum_bacnet_integration_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2018-8880P2HIGHCVSS 7.5PoCv3.2.2432018-04-23
CVE-2018-8880 [HIGH] CWE-200 CVE-2018-8880: Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authenticati
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
nvd
CVE-2018-7276P3HIGHCVSS 7.5v3.2.2432018-02-21
CVE-2018-7276 [HIGH] CWE-200 CVE-2018-7276: An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.
nvd