Login Sign Up

CVE-2018-11682

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2018-11682 involves hardcoded support credentials in Lutron IoT devices that allow attackers to gain administrative control through TELNET sessions. This affects Lutron lighting control systems using Stanza integration protocol revisions M through Y. The vendor disputes the severity, claiming the access only allows lighting control rather than full system compromise.

💻 Affected Systems

Products:
  • Lutron lighting control systems with Stanza integration
Versions: Protocol revisions M through Y
Operating Systems: Embedded systems in Lutron devices
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor disputes vulnerability classification, claiming access only allows lighting control functions

📦 What is this software?

Homeworks Qs Firmware by Lutron

View all CVEs affecting Homeworks Qs Firmware →

Radiora 2 Firmware by Lutron

View all CVEs affecting Radiora 2 Firmware →

Stanza Firmware by Lutron

View all CVEs affecting Stanza Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain complete administrative control of IoT devices, potentially enabling lateral movement to other systems, disruption of critical lighting infrastructure, or data exfiltration.

🟠

Likely Case

Unauthorized users gain access to lighting control systems, allowing them to manipulate lighting settings, potentially causing operational disruptions or safety issues in controlled environments.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to lighting control manipulation without broader system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to TELNET service on affected devices

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://www.lutron.com/TechnicalDocumentLibrary/040249.pdf

Restart Required: No

Instructions:

No official patch available. Consult vendor documentation for protocol updates or configuration changes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Lutron devices on separate VLANs with strict firewall rules

Disable TELNET Service

all

Disable TELNET service if not required for operations

🧯 If You Can't Patch

  • Implement strict network access controls to limit TELNET access to authorized IPs only
  • Monitor TELNET authentication attempts and failed logins

🔍 How to Verify

Check if Vulnerable:

Attempt TELNET connection to Lutron device on default port and test default credentials

Check Version:

Check device firmware version through Lutron interface or documentation

Verify Fix Applied:

Verify TELNET service is disabled or requires proper authentication

📡 Detection & Monitoring

Log Indicators:

  • Failed TELNET authentication attempts
  • Successful TELNET logins from unusual sources

Network Indicators:

  • TELNET traffic to Lutron devices from unauthorized sources
  • Unusual TELNET command patterns

SIEM Query:

source_port:23 AND (destination_ip:LUTRON_DEVICE_IP OR destination_hostname:*lutron*)

📊 Metadata

CVE ID: CVE-2018-11682
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-798
Published: June 2, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-11682, you might also want to check these:

CVE-2025-20188 10.0

This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote a...

Same vulnerability type (CWE-798)
CVE-2026-22769 10.0

Dell RecoverPoint for Virtual Machines versions before 6.0.3.1 HF1 contain hardcoded credentials tha...

Same vulnerability type (CWE-798)
CVE-2021-0248 10.0

This vulnerability involves hard-coded credentials in Juniper Junos OS on NFX Series devices, allowi...

Same vulnerability type (CWE-798)