CVE-2019-13525

MEDIUM

Honeywell IP-AK2 Firmware < 1.04.07 - Unauthenticated Web Configuration Data Exposure

Title source: llm
STIX 2.1

Description

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-297-02

Scores

CVSS v3 5.3
EPSS 0.0125
EPSS Percentile 65.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-306
Status published
Products (1)
honeywell/ip-ak2_firmware < 1.04.07
Published Oct 25, 2019
Tracked Since Feb 18, 2026