Loxone · Loxone Miniserver · CVE-2020-27488
Name of the Vulnerable Software and Affected Versions:
Loxone Miniserver versions prior to 11.1
Description:
The issue affects devices that cannot use an authentication method based on the `signature of the update package`. As a result, these devices, or attackers spoofing them, can continue to use the cloud service without authentication indefinitely. Once a device's firmware has been updated and the device has authenticated, the cloud service requires authentication for subsequent interactions, which prevents spoofing.
Recommendations:
For versions prior to 11.1, update the firmware to version 11.1 or later to enable authentication based on the `signature of the update package` and prevent unauthorized access to the cloud service.