CVE-2023-36623

2023-07-0500:00:00

mitre

www.cve.org

loxone miniserver go

root password

vulnerability

privilege escalation

hard-coded secrets

mac address

0.0004 Low

EPSS

Percentile

5.1%

JSON

The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.

References

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-013.txt

www.syss.de/pentest-blog/root-zugang-zu-smarthome-server-loxone-miniserver-go-gen-2-syss-2023-004/-012/-013

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-36623