CVE-2020-27488

9.8 CRITICAL

📋 TL;DR

Loxone Miniserver devices with vulnerable firmware cannot properly authenticate with cloud services, allowing attackers to spoof devices and potentially maintain unauthorized access indefinitely. This affects all Loxone Miniserver devices running firmware versions before 11.1 (specifically before 11.1.9.3).

💻 Affected Systems

Products:
  • Loxone Miniserver
Versions: All firmware versions before 11.1 (specifically before 11.1.9.3)
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with vulnerable firmware are affected by default; vulnerability is in the cloud authentication mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could permanently spoof legitimate devices, gaining unauthorized access to cloud services, potentially leading to data theft, device manipulation, or persistent backdoor access to home/building automation systems.

🟠 Likely Case

Attackers could impersonate legitimate devices to access cloud services, potentially intercepting or manipulating automation commands, though impact depends on specific cloud service functionality.

🟢 If Mitigated

With the firmware update applied, devices authenticate correctly and spoofing becomes impossible; impact is limited to temporary unauthorized access until authentication completes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires understanding of the cloud service protocol but doesn't require authentication to the device itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware 11.1 (specifically 11.1.9.3 or later)

Vendor Advisory: https://www.loxone.com/enen/security-cloud-dns/

Restart Required: Yes

Instructions:

1. Access Miniserver web interface
2. Navigate to System Settings > Update
3. Check for and install firmware version 11.1.9.3 or later
4. Device will restart automatically after update

🔧 Temporary Workarounds

Disable cloud services temporarily

Applies to: all

Disable cloud connectivity until firmware can be updated

Access Miniserver web interface > System Settings > Cloud Services > Disable

🧯 If You Can't Patch

  • Segment Miniserver devices on isolated network segments
  • Implement strict firewall rules limiting cloud service communication to known legitimate endpoints only

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Miniserver web interface under System Settings > Information

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is 11.1.9.3 or later and that cloud authentication is functioning properly

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication failures from same device
  • Cloud service connections from unexpected IP addresses

Network Indicators:

  • Unusual cloud service traffic patterns
  • Suspicious DNS queries related to Loxone cloud services

SIEM Query:

source="loxone_miniserver" AND (event_type="auth_failure" OR cloud_connection="unexpected")
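As an added example (not from the advisory or from Loxone), the Python script below applies the two log indicators listed above to constructed log lines; the line format, device ids, source-range allowlist and failure threshold are all assumptions.

```python
# Added example: flag the advisory's two log indicators (repeated auth
# failures per device, cloud connections from unexpected source IPs).
# Log line format is constructed for this example:
#   <timestamp> device=<id> event_type=<type> src=<ip>
from collections import Counter
import ipaddress

# Constructed allowlist of source ranges the Miniservers are expected to use
# (placeholder; substitute the real ranges of your installation).
EXPECTED_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]
AUTH_FAILURE_THRESHOLD = 3  # assumed threshold for "multiple" failures

# Constructed sample log: device MS-0001 fails three times, MS-0002
# connects from outside the expected range, MS-0003 is benign.
SAMPLE_LOG = """\
2020-11-02T10:00:01 device=MS-0001 event_type=auth_failure src=192.0.2.10
2020-11-02T10:00:02 device=MS-0001 event_type=auth_failure src=192.0.2.10
2020-11-02T10:00:03 device=MS-0001 event_type=auth_failure src=192.0.2.10
2020-11-02T10:00:04 device=MS-0002 event_type=cloud_connection src=198.51.100.7
2020-11-02T10:00:05 device=MS-0003 event_type=cloud_connection src=192.0.2.11
"""

def parse_line(line):
    """Split one constructed log line into a dict of key=value fields."""
    parts = line.split()
    fields = {"timestamp": parts[0]}
    for kv in parts[1:]:
        key, _, value = kv.partition("=")
        fields[key] = value
    return fields

def find_indicators(log_text):
    """Return (devices with repeated auth failures, unexpected cloud sources)."""
    failures = Counter()
    unexpected = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("event_type") == "auth_failure":
            failures[f["device"]] += 1
        elif f.get("event_type") == "cloud_connection":
            src = ipaddress.ip_address(f["src"])
            if not any(src in net for net in EXPECTED_SOURCES):
                unexpected.append((f["device"], f["src"]))
    repeated = sorted(d for d, n in failures.items() if n >= AUTH_FAILURE_THRESHOLD)
    return repeated, unexpected

if __name__ == "__main__":
    print(find_indicators(SAMPLE_LOG))
```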
