PT-2018-10747 · Lutron · Stanza Lutron Integration Protocol

Published

2018-06-02

·

Updated

2024-08-05

·

CVE-2018-11682

CVSS v2.0

10

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Stanza Lutron Integration Protocol, Revision M through Revision Y

Description

The issue allows attackers to gain total superuser control of an IoT device through a TELNET session. This is made possible by default support credentials that cannot be removed. The vendor disputes this issue, stating that the commands reachable over this interface are limited to controlling lighting and do not allow code execution or admin-level control of a machine.

Recommendations

For Revision M through Revision Y, restrict network access to the TELNET service as a temporary workaround until a permanent solution is available: block TCP/23 to the device at the network boundary and allow it only from the hosts that legitimately integrate with it. Additionally, limit where and by whom the support credentials are used to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
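As an added example, not code from the advisory or from Lutron: a small Python audit helper that checks whether a host still exposes a TELNET login prompt, which is the precondition for the default support credentials to be usable, so exposed controllers can be found and fenced off. It never sends credentials. Two assumptions are labelled in the code: the prompt is recognised by the word "login" (change the marker if the device at hand prompts differently), and the in-process fake telnet server is a constructed stand-in so the example runs offline.

```python
"""Added audit helper: find hosts that still expose a TELNET login prompt.

Not part of the advisory. It only checks whether TCP/23 (or a given port)
answers with a login prompt; it never sends any credentials.
"""
import socket
import threading


def probe_telnet(host: str, port: int = 23, timeout: float = 3.0) -> dict:
    """Connect to host:port and report whether a login prompt is presented.

    Returns a dict with keys: host, port, reachable, login_prompt, banner.
    A device counts as exposed when it is reachable AND prompts for login.
    """
    result = {"host": host, "port": port, "reachable": False,
              "login_prompt": False, "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["reachable"] = True
            sock.settimeout(timeout)
            received = b""
            try:
                while len(received) < 1024 and b"login" not in received.lower():
                    chunk = sock.recv(256)
                    if not chunk:  # peer closed without (further) output
                        break
                    received += chunk
            except socket.timeout:
                pass  # service accepted the connection but stayed silent
            # Telnet option negotiation (0xFF IAC sequences) is not ASCII and is
            # dropped by the lenient decode; only the printable banner survives.
            text = received.decode("ascii", errors="ignore")
            result["banner"] = text.strip()
            # Assumption: the prompt contains the word "login". Adjust the
            # marker if the device you audit uses a different prompt.
            result["login_prompt"] = "login" in text.lower()
    except OSError:
        pass  # refused, filtered or unreachable: not exposed from this vantage point
    return result


def audit_hosts(targets, timeout: float = 3.0) -> list:
    """Probe (host, port) pairs and return the ones presenting a login prompt."""
    return [r for r in (probe_telnet(h, p, timeout) for h, p in targets)
            if r["reachable"] and r["login_prompt"]]


def start_fake_telnet_server(prompt: bytes = b"login: "):
    """Constructed stand-in for a device's telnet service so the example runs
    offline: listens on 127.0.0.1 on an ephemeral port, sends `prompt` to each
    client and closes. Returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(prompt)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


if __name__ == "__main__":
    # Demo against the constructed server; point audit_hosts at real
    # controller addresses (port 23) for an actual inventory sweep.
    port, stop = start_fake_telnet_server(b"\r\nlogin: ")
    for finding in audit_hosts([("127.0.0.1", port)]):
        print(f"EXPOSED {finding['host']}:{finding['port']} banner={finding['banner']!r}")
    stop.set()
```

Run the sweep from each network segment that should not be able to reach the controllers; any host that comes back as exposed is one the TELNET access restriction above has not yet covered.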

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2018-11682

Affected Products

Stanza Lutron Integration Protocol