Vulnerability Details CVE-2018-8880
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.442
EPSS Ranking 97.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-8880
-
cpe:2.3:h:lutron:quantum_bacnet_integration:2.0
-
cpe:2.3:o:lutron:quantum_bacnet_integration_firmware:3.2.243