CVE-2020-27488
The CVE concerns Loxone Miniserver devices with firmware before 11.1 (11.1.9.3) that cannot use an authentication method based on the update package signature. This enables continued use of an unauthenticated cloud service by spoofed devices until a device is updated. Once a device’s firmware is ...