Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentMitreVULNRICHMENT:CVE-2018-11682
HistoryJun 02, 2018 - 1:00 p.m.

CVE-2018-11682

2018-06-0213:00:00
mitre
github.com
2

AI Score

7.9

Confidence

Low

EPSS

0.005

Percentile

76.7%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON

Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:h:lutron:stanza:-:*:*:*:*:*:*:*"
    ],
    "vendor": "lutron",
    "product": "stanza",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

cvelist 1
nvd 1
prion 1
cve 1
openvas 1
cvelist
cvelist
CVE-2018-11682
2018-06-02 13:00:00
nvd
nvd
CVE-2018-11682
2018-06-02 13:29:00
prion
prion
Design/Logic Flaw
2018-06-02 13:29:00
cve
cve
CVE-2018-11682
2018-06-02 13:29:00
openvas
openvas
Lutron Devices Default Credentials (Telnet)
2018-06-05 00:00:00

AI Score

7.9

Confidence

Low

EPSS

0.005

Percentile

76.7%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON
Related for VULNRICHMENT:CVE-2018-11682
cvelist1nvd1prion1cve1openvas1