CVE-2020-11925

HIGH

Luvion Grand Elite 3 Connect Firmware - Insufficiently Protected Cr...

Title source: rule

Description

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.

References (2)

[Exploit, Third Party Advisory] https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitor/

[Mailing List] http://seclists.org/fulldisclosure/2024/Jul/14

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 52.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-521 CWE-522

Status published

Affected Products (1)

luvion/grand_elite_3_connect_firmware < 2020-02-25

Timeline

Published Apr 02, 2021

Tracked Since Feb 18, 2026