Vulnerability Details CVE-2018-7276
An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-7276
-
cpe:2.3:h:lutron:quantum_bacnet_integration:2.0
-
cpe:2.3:o:lutron:quantum_bacnet_integration_firmware:3.2.243