A Loxone Smart Home features intelligent automation and intuitive control of the lighting, heating, security, multimedia, shading, energy management and more. A Loxone Smart Home is a home like no other. It takes care of everyday tasks around the home so that you have time for the more important things in life.

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its banner, the remote Loxone Smart Home Miniserver device is a version prior to 6.3. It is, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability exists due to the device transmitting all data in cleartext. A remote man-in-the-middle attacker can read the transmitted data, resulting in the disclosure of device credentials.
- A cross-frame scripting vulnerability exists due to improper restriction of JavaScript from one web page accessing another when the page originates from different domains. A remote attacker can exploit this to use one web page to load content from another, concealing the origin of a web site.
- A cross-site request forgery (XSRF) vulnerability exists due to improper validation of HTTP requests.
- An HTTP response splitting vulnerability exists due to a failure to properly validate input appended to the response header. This allows an attacker to insert arbitrary HTTP headers to manipulate cookies and authentication status.
- Multiple reflected cross-site scripting vulnerabilities exist due to improper validation of HTTP requests.
- A stored cross-site scripting vulnerability exists due to improper validation of the content in the description field of a new task.
- An information disclosure vulnerability exists due to the program storing user credentials in an insecure manner. The credentials are encrypted, but the key used for their decryption may be requested without authentication.
- Multiple denial of service vulnerabilities exist that can be exploited via SYN floods and malformed HTTP requests.

Note that Nessus has not tested for these issues but has instead relied only on the device's self-reported version number.

Solution

Upgrade the Loxone Smart Home Miniserver firmware to version 6.3 or later. Note that the two information disclosure vulnerabilities still exist in firmware version 6.3. We are currently unaware of a solution for these issues.