Default and Unremovable Support Credentials in Stanza Lutron Integration Protocol Allow Total Super User Control

Default and Unremovable Support Credentials in Stanza Lutron Integration Protocol Allow Total Super User Control

CVE-2018-11682 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine

Learn more about our Iot Penetration Testing.