Lucene search

MitreCVE-2018-11629

HistoryJun 02, 2018 - 1:29 p.m.

CVE-2018-11629

2018-06-0213:29:00

CWE-798

mitre

web.nvd.nist.gov

cve

2018

11629

default credentials

unremovable support credentials

iot device

telnet session

homeworks qs lutron integration

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

76.7%

JSON

Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine

Affected configurations

Nvd

Node

lutronstanza_firmwareMatch-

AND

lutronstanzaMatch-

Node

lutronradiora_2_firmwareMatch-

AND

lutronradiora_2Match-

Node

lutronhomeworks_qs_firmwareMatch-

AND

lutronhomeworks_qsMatch-

VendorProductVersionCPE
lutronstanza_firmware-cpe:2.3:o:lutron:stanza_firmware:-:*:*:*:*:*:*:*
lutronstanza-cpe:2.3:h:lutron:stanza:-:*:*:*:*:*:*:*
lutronradiora_2_firmware-cpe:2.3:o:lutron:radiora_2_firmware:-:*:*:*:*:*:*:*
lutronradiora_2-cpe:2.3:h:lutron:radiora_2:-:*:*:*:*:*:*:*
lutronhomeworks_qs_firmware-cpe:2.3:o:lutron:homeworks_qs_firmware:-:*:*:*:*:*:*:*
lutronhomeworks_qs-cpe:2.3:h:lutron:homeworks_qs:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lutron	stanza_firmware	-	cpe:2.3:o:lutron:stanza_firmware:-:::::::*
lutron	stanza	-	cpe:2.3:h:lutron:stanza:-:::::::*
lutron	radiora_2_firmware	-	cpe:2.3:o:lutron:radiora_2_firmware:-:::::::*
lutron	radiora_2	-	cpe:2.3:h:lutron:radiora_2:-:::::::*
lutron	homeworks_qs_firmware	-	cpe:2.3:o:lutron:homeworks_qs_firmware:-:::::::*
lutron	homeworks_qs	-	cpe:2.3:h:lutron:homeworks_qs:-:::::::*

References

sadfud.me/explotos/CVE-2018-11629

www.lutron.com/TechnicalDocumentLibrary/040249.pdf

reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

76.7%

JSON

Related for CVE-2018-11629