PT-2026-23659 · Crown · Crown

Published: 2026-03-06 · Updated: 2026-03-11 · CVE-2026-2330

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CROWN versions (affected versions not specified)

Description

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters. The vulnerable component is the whitelist enforcement mechanism within the CROWN REST interface.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2026-2330

Affected Products

Crown