CRITICAL · 9.8

CVE-2018-11682

Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision...

Vulnerability Description

Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this ID as not being a vulnerability because what can be done through the ports revolves around controlling lighting, not code execution. A certain set of commands is listed, which bears some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine.

CVSS Score

9.8

CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor    Product                  Versions
Lutron    Stanza Firmware          -
Lutron    Stanza                   -
Lutron    Radiora 2 Firmware       -
Lutron    Radiora 2                -
Lutron    Homeworks Qs Firmware    -
Lutron    Homeworks Qs             -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-11682?

CVE-2018-11682 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision...

How severe is CVE-2018-11682?

CVE-2018-11682 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-11682?

Check the references section above for vendor advisories and patch information. Affected products include: Lutron Stanza Firmware, Lutron Stanza, Lutron Radiora 2 Firmware, Lutron Radiora 2, Lutron Homeworks Qs Firmware.