CVE-2020-11926

Name of the Vulnerable Software and Affected Versions Luvion Grand Elite 3 Connect through 2020-02-25

Description An issue was discovered that allows clients to authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, such as for a JavaScript file. The disclosed information also includes the SSID and WPA2 key for the Wi-Fi network the device is connected to.

Recommendations For Luvion Grand Elite 3 Connect through 2020-02-25, consider disabling the use of username and password for authentication until a patch is available. Restrict access to sensitive information, such as the SSID and WPA2 key, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.