PT-2021-11397 · Loxone · Loxone Miniserver

By Markus Zeilinger (+2) · Published 2021-01-13 · Updated 2021-01-21 · CVE-2020-27488

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Loxone Miniserver, firmware versions prior to 11.1
Description: Miniservers running firmware prior to 11.1 cannot use the authentication method that is based on the signature of the update package. Such devices, and an attacker spoofing one of them, can therefore keep using the cloud service without authentication indefinitely, because the service has no way to tell a genuine legacy device from an impostor presenting the same identity. Once a device's firmware has been updated and the device has authenticated, the cloud service requires authentication for all of that device's subsequent interactions, which prevents spoofing. Note that this transition happens per device: until a given Miniserver has been updated and has authenticated at least once, its identity remains spoofable.
Recommendations: Update every Miniserver running a version prior to 11.1 to firmware 11.1 or later. This enables the authentication method based on the signature of the update package and, once the device has authenticated, closes the unauthenticated path to the cloud service for that device. Treat any Miniserver that has not yet completed this update and first authentication as still exposed.
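The per-device state change the description refers to (a device is served without authentication until it has authenticated once, after which unauthenticated requests in its name are refused) can be modelled on the cloud side as follows. This is an added illustration, not Loxone's code or protocol: the `CloudService` class, the serial numbers, the HMAC-over-challenge proof and the per-device key assumed to be provisioned with the signed firmware, and the `allow_legacy_unauthenticated` switch are all assumptions. HMAC with a shared key stands in for the signature-based method; the point being shown is why a bare identity is spoofable for exactly as long as the legacy path stays open for that device.

```python
"""Added illustrative model of the cloud-side authentication state described in
this advisory.  Not Loxone's code or protocol: class and field names, the serial
numbers, the HMAC-over-challenge proof and the per-device key are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class DeviceRecord:
    key: bytes                        # assumed: secret provisioned with the signed firmware update
    authenticated_once: bool = False  # flips after the device's first verified request


class CloudService:
    """Cloud endpoint that keeps serving bare-identity requests for a device until
    that device has authenticated once (the behaviour the advisory describes)."""

    def __init__(self, allow_legacy_unauthenticated: bool = True) -> None:
        self.allow_legacy = allow_legacy_unauthenticated
        self.devices: Dict[str, DeviceRecord] = {}
        self.pending: Set[bytes] = set()   # single-use challenges we have issued
        self.log: List[str] = []

    def provision(self, serial: str, key: bytes) -> None:
        self.devices[serial] = DeviceRecord(key=key)

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def handle(self, serial: str, payload: bytes,
               challenge: bytes = b"", proof: Optional[bytes] = None) -> bool:
        """Return True if the request is served, False if it is refused."""
        rec = self.devices.get(serial)
        if rec is None:
            self.log.append(f"{serial}: unknown device, refused")
            return False
        if proof is None:
            # Legacy path: the only "identity" is a serial number anyone can claim.
            if self.allow_legacy and not rec.authenticated_once:
                self.log.append(f"{serial}: served WITHOUT authentication (spoofable)")
                return True
            self.log.append(f"{serial}: authentication required, refused")
            return False
        # The challenge must be one we issued and not yet consumed (blocks replay).
        if challenge not in self.pending:
            self.log.append(f"{serial}: bad or reused challenge, refused")
            return False
        self.pending.discard(challenge)
        expected = hmac.new(rec.key, challenge + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            self.log.append(f"{serial}: invalid proof, refused")
            return False
        rec.authenticated_once = True   # legacy path is now closed for this serial
        self.log.append(f"{serial}: authenticated, served")
        return True


def device_proof(key: bytes, challenge: bytes, payload: bytes) -> bytes:
    """What a device on updated firmware computes over the server's challenge."""
    return hmac.new(key, challenge + payload, hashlib.sha256).digest()


def demo() -> Tuple[bool, bool, bool, bool, bool]:
    cloud = CloudService()
    real_key = os.urandom(32)
    cloud.provision("MS-0001", real_key)      # constructed serial number
    req = b"get-config"

    # 1. Attacker knows only the serial: the legacy path serves it.
    spoof_before = cloud.handle("MS-0001", req)

    # 2. The genuine device, now on updated firmware, authenticates once.
    ch = cloud.challenge()
    genuine = cloud.handle("MS-0001", req, ch, device_proof(real_key, ch, req))

    # 3. The same bare-serial request is now refused.
    spoof_after = cloud.handle("MS-0001", req)

    # 4. A proof under a guessed key is refused too.
    ch2 = cloud.challenge()
    forged = cloud.handle("MS-0001", req, ch2, device_proof(b"guess", ch2, req))

    # 5. A service with no legacy path never serves a bare identity at all.
    strict = CloudService(allow_legacy_unauthenticated=False)
    strict.provision("MS-0002", real_key)
    spoof_strict = strict.handle("MS-0002", req)
    return spoof_before, genuine, spoof_after, forged, spoof_strict


if __name__ == "__main__":
    print(demo())   # (True, True, False, False, False)
```

Running `demo()` walks through the sequence from the description: the bare serial is accepted before the genuine device has authenticated, the genuine device's proof is accepted, and from then on both the bare serial and a proof under the wrong key are refused. The strict instance shows the state every device should reach once it has been updated and has authenticated; anything still in step 1 is the exposure the advisory is about.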

Weakness Enumeration

Improper Authentication (CWE-287)

Related Identifiers

CVE-2020-27488

Affected Products

Loxone Miniserver