CVE-2020-11925

Description

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.

Affected Software
References

Software	From	Fixed in
luvion / grand_elite_3_connect_firmware	-	2020-02-25.x

http://seclists.org/fulldisclosure/2024/Jul/14
https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitor/

Severity: High

CVE: CVE-2020-11925
Published: Apr 2, 2021
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High
Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C

CWE-522

A2 - Broken Authentication

CVE-2020-11925

Description

Details

CVSS v3

CVSS v2

CWEs

OWASP TOP 10