Avation Light Engine Pro

Summary

Successful exploitation of this vulnerability could allow an attacker to take full control of the device.

The following versions of Avation Light Engine Pro are affected:

Light Engine Pro vers:all/* (CVE-2026-1341)

CVSS	Vendor	Equipment	Vulnerabilities
v3 9.8	Avation	Avation Light Engine Pro	Missing Authentication for Critical Function

Background

Critical Infrastructure Sectors: Commercial Facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Australia

Vulnerabilities

Expand All +

CVE-2026-1341

Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.

View CVE Details

Affected Products

Vendor:
Avation

Product Version:
Avation Light Engine Pro: vers:all/*

Product Status:
known_affected

Remediations

Vendor fix
Avation has not responded to CISA’s request to coordinate. Users of Avation Light Engine Pro are encouraged to contact Avation for more information.

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

CVSS Version

Base Score

Base Severity

Vector String[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Avation Light Engine Pro

← Synectix LAN 232 TRIO

RISS SRL MOMA Seismic Station →

Avation Light Engine Pro

Summary

Background

Vulnerabilities

CVE-2026-1341

Affected Products

Avation Light Engine Pro

Remediations

Metrics

Read the original article:

Like this:

Related

Summary

Background

Vulnerabilities

CVE-2026-1341

Affected Products

Avation Light Engine Pro

Remediations

Metrics

Read the original article:

Share this:

Like this:

Related

Post navigation