PT-2026-6040 · Avation · Avation Light Engine Pro
Souvik Kandar
·
Published
2026-02-03
·
Updated
2026-02-05
·
CVE-2026-1341
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Avation Light Engine Pro (affected versions not specified)
Description
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control, granting attackers full control over critical lighting infrastructure. The interface allows complete configuration and control without requiring any credentials.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avation Light Engine Pro