CVE-2018-8880

HIGH

Lutron Quantum BACnet Integration <3.2.243 - Info Disclosure

Title source: llm

Description

Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.

Exploits (1)

exploitdb WORKING POC

by SadFud · pythonwebappshardware

https://www.exploit-db.com/exploits/44488

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] http://sadfud.me/explotos/deviceip.txt

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44488/

Scores

CVSS v3 7.5

EPSS 0.3661

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

lutron/quantum_bacnet_integration_firmware 3.2.243

Published Apr 23, 2018

Tracked Since Feb 18, 2026