CVE-2020-11925

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.

Published: Apr 2, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-11925
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
luvion / grand_elite_3_connect_firmware	-	2020-02-25.x

http://seclists.org/fulldisclosure/2024/Jul/14
https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitor/

Vulnerability Database

290,018

CVE-2020-11925