Vulnerability: Hard-coded Secrets and MAC Address Calculation in Loxone Miniserver Go Gen.2

Vulnerability: Hard-coded Secrets and MAC Address Calculation in Loxone Miniserver Go Gen.2

CVE-2023-36623 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.

Learn more about our Cis Benchmark Audit For Server Software.