Lutron Quantum BACnet Integration 2.0 Firmware 3.2.243 - User Authentication Bypass and Internal Network Information Disclosure Vulnerability

Lutron Quantum BACnet Integration 2.0 Firmware 3.2.243 - User Authentication Bypass and Internal Network Information Disclosure Vulnerability

CVE-2018-8880 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.

Learn more about our Internal Network Penetration Testing.