CISA has published an advisory on a "missing authentication for critical function" vulnerability in Honeywell IP-AK2. Versions 1.04.07 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to download configuration files directly through a URL without authentication, exposing configuration and authorized visitor information. Honeywell has released new firmware, Version 1.04.15, and recommends that affected users contact Honeywell customer support to resolve the issue. CISA also recommends a list of actions to mitigate this vulnerability. Read the advisory at CISA.