Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by lutron
VAR-201806-0915
Vulnerability from variot - Updated: 2024-06-11 22:51Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. Stanza Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lutron Electronics radioRA2 and so on are a set of lighting control systems of Lutron Electronics (Lutron Electronics) in the United States. A trust management issue vulnerability exists in Lutron radioRA2, stanza, and HomeworkQS due to the user's inability to disable the default hard-coded credentials in products using this protocol. An attacker could exploit this vulnerability to take control of the device through a TELNET session
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0915",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "radiora 2",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "stanza",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "homeworks qs",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "homeworks qs",
"scope": null,
"trust": 0.8,
"vendor": "lutron",
"version": null
},
{
"model": "radiora 2",
"scope": null,
"trust": 0.8,
"vendor": "lutron",
"version": null
},
{
"model": "stanza",
"scope": null,
"trust": 0.8,
"vendor": "lutron",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-001"
},
{
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:stanza_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:stanza:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:radiora_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:radiora_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:homeworks_qs_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:homeworks_qs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"cve": "CVE-2018-11682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-11682",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121566",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-11682",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11682",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-001",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-121566",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-11682",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-001"
},
{
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. Stanza Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lutron Electronics radioRA2 and so on are a set of lighting control systems of Lutron Electronics (Lutron Electronics) in the United States. A trust management issue vulnerability exists in Lutron radioRA2, stanza, and HomeworkQS due to the user\u0027s inability to disable the default hard-coded credentials in products using this protocol. An attacker could exploit this vulnerability to take control of the device through a TELNET session",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11682"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11682",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-001",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-97787",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-121566",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-11682",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-001"
},
{
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"id": "VAR-201806-0915",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121566"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-11T22:51:41.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.lutron.com/en-us/pages/default.aspx"
},
{
"title": "Exploits",
"trust": 0.1,
"url": "https://github.com/sadfud/exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-11682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://sadfud.me/explotos/cve-2018-11629"
},
{
"trust": 2.6,
"url": "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/"
},
{
"trust": 1.8,
"url": "http://www.lutron.com/technicaldocumentlibrary/040249.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11682"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11682"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sadfud/exploits"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-001"
},
{
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11682"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-001"
},
{
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-121566"
},
{
"date": "2018-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11682"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"date": "2018-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-001"
},
{
"date": "2018-06-02T13:29:00.323000",
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-121566"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11682"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-001"
},
{
"date": "2024-06-10T18:15:18.183000",
"db": "NVD",
"id": "CVE-2018-11682"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-001"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stanza Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-001"
}
],
"trust": 0.6
}
}
VAR-201806-0914
Vulnerability from variot - Updated: 2024-06-05 23:25Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. RadioRA 2 Lutron integration Products that use the protocol are vulnerable to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lutron Electronics radioRA2 and so on are a set of lighting control systems of Lutron Electronics (Lutron Electronics) in the United States. A trust management issue vulnerability exists in Lutron radioRA2, stanza, and HomeworkQS due to the user's inability to disable the default hard-coded credentials in products using this protocol. An attacker could exploit this vulnerability to take control of the device through a TELNET session
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0914",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "radiora 2",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "stanza",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "homeworks qs",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "homeworks qs",
"scope": null,
"trust": 0.8,
"vendor": "lutron",
"version": null
},
{
"model": "radiora 2",
"scope": null,
"trust": 0.8,
"vendor": "lutron",
"version": null
},
{
"model": "stanza",
"scope": null,
"trust": 0.8,
"vendor": "lutron",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-002"
},
{
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:stanza_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:stanza:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:radiora_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:radiora_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:homeworks_qs_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:homeworks_qs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"cve": "CVE-2018-11681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-11681",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121565",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-11681",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11681",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-002",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-121565",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-11681",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULMON",
"id": "CVE-2018-11681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-002"
},
{
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. RadioRA 2 Lutron integration Products that use the protocol are vulnerable to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lutron Electronics radioRA2 and so on are a set of lighting control systems of Lutron Electronics (Lutron Electronics) in the United States. A trust management issue vulnerability exists in Lutron radioRA2, stanza, and HomeworkQS due to the user\u0027s inability to disable the default hard-coded credentials in products using this protocol. An attacker could exploit this vulnerability to take control of the device through a TELNET session",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULMON",
"id": "CVE-2018-11681"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11681",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-002",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-97786",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-121565",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-11681",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULMON",
"id": "CVE-2018-11681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-002"
},
{
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"id": "VAR-201806-0914",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121565"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-05T23:25:59.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.lutron.com/en-us/pages/default.aspx"
},
{
"title": "Exploits",
"trust": 0.1,
"url": "https://github.com/sadfud/exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-11681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://sadfud.me/explotos/cve-2018-11629"
},
{
"trust": 2.6,
"url": "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/"
},
{
"trust": 1.8,
"url": "http://www.lutron.com/technicaldocumentlibrary/040249.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11681"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11681"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sadfud/exploits"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULMON",
"id": "CVE-2018-11681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-002"
},
{
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULMON",
"id": "CVE-2018-11681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-002"
},
{
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-121565"
},
{
"date": "2018-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11681"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"date": "2018-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-002"
},
{
"date": "2018-06-02T13:29:00.277000",
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-121565"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11681"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-002"
},
{
"date": "2024-06-04T19:16:56.400000",
"db": "NVD",
"id": "CVE-2018-11681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RadioRA 2 Lutron integration Vulnerabilities related to the use of hard-coded credentials in products that use protocols",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-002"
}
],
"trust": 0.6
}
}
VAR-201806-0950
Vulnerability from variot - Updated: 2024-05-17 22:47Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. HomeWorks QS Lutron integration Products that use the protocol are vulnerable to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lutron Electronics radioRA2 and so on are a set of lighting control systems of Lutron Electronics of the United States. There is a trust management vulnerability in Lutron radioRA2, stanza, and HomeworkQS, which originates from the program with default credentials that cannot be removed (user: lutron, password: integration). An attacker could use this vulnerability to control IoT devices as a superuser
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0950",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "homeworks qs",
"scope": null,
"trust": 2.4,
"vendor": "lutron",
"version": null
},
{
"model": "radiora 2",
"scope": null,
"trust": 2.4,
"vendor": "lutron",
"version": null
},
{
"model": "stanza",
"scope": null,
"trust": 2.4,
"vendor": "lutron",
"version": null
},
{
"model": "radiora 2",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "stanza",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
},
{
"model": "homeworks qs",
"scope": "eq",
"trust": 1.6,
"vendor": "lutron",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:stanza_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:stanza:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:radiora_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:radiora_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:homeworks_qs_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:homeworks_qs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"cve": "CVE-2018-11629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-11629",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 2.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121507",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121565",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121566",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-11629",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11629",
"trust": 3.4,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-003",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-121507",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121565",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121566",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-11629",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121507"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine. HomeWorks QS Lutron integration Products that use the protocol are vulnerable to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lutron Electronics radioRA2 and so on are a set of lighting control systems of Lutron Electronics of the United States. \nThere is a trust management vulnerability in Lutron radioRA2, stanza, and HomeworkQS, which originates from the program with default credentials that cannot be removed (user: lutron, password: integration). An attacker could use this vulnerability to control IoT devices as a superuser",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"db": "VULHUB",
"id": "VHN-121507"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11629"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11629",
"trust": 4.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-003",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-97783",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-121507",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201806-002",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-97786",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-121565",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201806-001",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-97787",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-121566",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-11629",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121507"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"id": "VAR-201806-0950",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121507"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULHUB",
"id": "VHN-121566"
}
],
"trust": 0.03
},
"last_update_date": "2024-05-17T22:47:44.239000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 2.4,
"url": "http://www.lutron.com/en-us/pages/default.aspx"
},
{
"title": "Exploits",
"trust": 0.1,
"url": "https://github.com/sadfud/exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-11629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 3.7
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121507"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://sadfud.me/explotos/cve-2018-11629"
},
{
"trust": 4.4,
"url": "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/"
},
{
"trust": 2.0,
"url": "http://www.lutron.com/technicaldocumentlibrary/040249.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11682"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11682"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11681"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11681"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11629"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11629"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sadfud/exploits"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121507"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-121507"
},
{
"db": "VULHUB",
"id": "VHN-121565"
},
{
"db": "VULHUB",
"id": "VHN-121566"
},
{
"db": "VULMON",
"id": "CVE-2018-11629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-121507"
},
{
"date": "2018-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-121565"
},
{
"date": "2018-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-121566"
},
{
"date": "2018-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11629"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"date": "2018-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"date": "2018-06-02T13:29:00.230000",
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-121507"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-121565"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-121566"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-11629"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006143"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006142"
},
{
"date": "2018-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006141"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-003"
},
{
"date": "2024-05-17T01:22:37.407000",
"db": "NVD",
"id": "CVE-2018-11629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stanza Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-003"
}
],
"trust": 0.6
}
}
VAR-201802-1266
Vulnerability from variot - Updated: 2023-12-18 13:48An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device. Lutron Quantum BACnet Integration is a lighting control system developed by Lutron Electronics in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quantum bacnet integration",
"scope": "eq",
"trust": 2.4,
"vendor": "lutron",
"version": "3.2.243"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:quantum_bacnet_integration_firmware:3.2.243:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:quantum_bacnet_integration:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7276"
}
]
},
"cve": "CVE-2018-7276",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7276",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137308",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7276",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7276",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-770",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137308",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137308"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device. Lutron Quantum BACnet Integration is a lighting control system developed by Lutron Electronics in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"db": "VULHUB",
"id": "VHN-137308"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7276",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002410",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-770",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-137308",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137308"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
]
},
"id": "VAR-201802-1266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137308"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:48:21.136000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.lutron.com/en-us/pages/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137308"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"db": "NVD",
"id": "CVE-2018-7276"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://misteralfa-hack.blogspot.com/2018/02/bacnet-entrando-en-materia.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7276"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7276"
},
{
"trust": 0.8,
"url": "http://misteralfa-hack.blogspot.jp/2018/02/bacnet-entrando-en-materia.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137308"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-137308"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-137308"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"date": "2018-02-21T01:29:00.263000",
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"date": "2018-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137308"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002410"
},
{
"date": "2018-03-18T11:08:46.907000",
"db": "NVD",
"id": "CVE-2018-7276"
},
{
"date": "2018-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lutron Quantum BACnet Integration Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002410"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-770"
}
],
"trust": 0.6
}
}
VAR-201804-1289
Vulnerability from variot - Updated: 2023-12-18 12:56Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. Lutron Quantum BACnet Integration is a lighting control system developed by Lutron Electronics in the United States. There is a security vulnerability in Lutron Quantum BACnet Integration version 2.0 using firmware version 3.2.243. The vulnerability stems from the fact that the program does not properly verify the user's request before displaying /deviceIP information. Attackers can exploit this vulnerability to obtain network information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quantum bacnet integration",
"scope": "eq",
"trust": 2.4,
"vendor": "lutron",
"version": "3.2.243"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lutron:quantum_bacnet_integration_firmware:3.2.243:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lutron:quantum_bacnet_integration:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8880"
}
]
},
"cve": "CVE-2018-8880",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8880",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-138912",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8880",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8880",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1341",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138912",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138912"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn\u0027t check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. Lutron Quantum BACnet Integration is a lighting control system developed by Lutron Electronics in the United States. There is a security vulnerability in Lutron Quantum BACnet Integration version 2.0 using firmware version 3.2.243. The vulnerability stems from the fact that the program does not properly verify the user\u0027s request before displaying /deviceIP information. Attackers can exploit this vulnerability to obtain network information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"db": "VULHUB",
"id": "VHN-138912"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-138912",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138912"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8880",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "44488",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004486",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1341",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-97794",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-138912",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138912"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
]
},
"id": "VAR-201804-1289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138912"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:59.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.lutron.com/en-us/pages/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138912"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"db": "NVD",
"id": "CVE-2018-8880"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://sadfud.me/explotos/deviceip.txt"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/44488/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8880"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8880"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138912"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138912"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-138912"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"date": "2018-04-23T18:29:01.037000",
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"date": "2018-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-138912"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004486"
},
{
"date": "2018-05-25T15:39:31.343000",
"db": "NVD",
"id": "CVE-2018-8880"
},
{
"date": "2018-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lutron Quantum BACnet Integration Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1341"
}
],
"trust": 0.6
}
}