Vulnerabilities > CVE-2021-30126 - Unspecified vulnerability in Lightmeter Controlcenter

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

lightmeter

NVD

Published: 2021-04-02

Updated: 2021-04-09

Summary

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query.

Vulnerable Configurations

Part	Description	Count
Application	Lightmeter Lightmeter Controlcenter 1.1.0 Lightmeter Controlcenter 1.2.0 Lightmeter Controlcenter 1.3.0 Lightmeter Controlcenter 1.4.0 Lightmeter Controlcenter 1.5.0	13

References

https://lightmeter.io/lightmeter-1-5-1-important-security-fixes/