Simon Birngruber

Researcher fromUniversity of Applied Sciences Upper Austria Campus Hagenberg
#17043of 53,633
15.7Total CVSS
Vulnerabilities · 2
Medium
1
Critical
1
PT-2021-11397
9.8
2021-01-13
Loxone · Loxone Miniserver · CVE-2020-27488
Name of the Vulnerable Software and Affected Versions: Loxone Miniserver versions prior to 11.1 Description: The issue affects devices that cannot use an authentication method based on the `signature of the update package`. As a result, these devices, or attackers spoofing them, can continue to use an unauthenticated cloud service indefinitely. Once a device's firmware is updated and authentication occurs, the cloud service requires authentication for subsequent interactions, preventing spoofing. Recommendations: For versions prior to 11.1, update the firmware to version 11.1 or later to enable authentication based on the `signature of the update package` and prevent unauthorized access to the cloud service.
PT-2020-13392
5.9
2020-05-28
NetGear · Netgear R7800 · CVE-2020-13245
**Name of the Vulnerable Software and Affected Versions** NETGEAR R7000 versions 1.0.9.6 1.2.19 through 1.0.11.100 10.2.10 NETGEAR R6120 (affected versions not specified) NETGEAR R7800 (affected versions not specified) NETGEAR R6220 (affected versions not specified) NETGEAR R8000 (affected versions not specified) NETGEAR R6350 (affected versions not specified) NETGEAR R9000 (affected versions not specified) NETGEAR R6400 (affected versions not specified) NETGEAR RAX120 (affected versions not specified) NETGEAR R6400v2 (affected versions not specified) NETGEAR RBR20 (affected versions not specified) NETGEAR R6800 (affected versions not specified) NETGEAR XR300 (affected versions not specified) NETGEAR R6850 (affected versions not specified) NETGEAR XR500 (affected versions not specified) NETGEAR R7000P (affected versions not specified) **Description** The issue is related to Missing SSL Certificate Validation, which affects certain NETGEAR devices. **Recommendations** For NETGEAR R7000 versions 1.0.9.6 1.2.19 through 1.0.11.100 10.2.10, update to a version outside of this range to resolve the issue. For NETGEAR R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P, at the moment, there is no information about a newer version that contains a fix for this vulnerability.