We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2018-11682



Description

Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine

Reserved 2018-06-02 | Published 2018-06-02 | Updated 2024-08-05 | Assigner mitre

References

sadfud.me/explotos/CVE-2018-11629

reversecodes.wordpress.com/...-de-la-nasa-en-cabo-canaveral/

www.lutron.com/TechnicalDocumentLibrary/040249.pdf

cve.org (CVE-2018-11682)

nvd.nist.gov (CVE-2018-11682)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2018-11682

Support options

Helpdesk Chat, Email, Knowledgebase