KUNBUS Revolution Pi Missing Authentication Vulnerability in Node-RED Server
Vulnerability
A vulnerability exists in KUNBUS Revolution Pi OS Bookworm 01/2025 and earlier, as well as in Revolution Pi PiCtory versions 2.5.0 through 2.11.1. The issue arises because authentication is not enabled by default for the Node-RED server. This lack of authentication allows unauthenticated remote attackers to gain full access to the Node-RED server and execute arbitrary commands on the underlying operating system.
Impact
Exploitation of this vulnerability could lead to unauthorized access to the Node-RED server, allowing attackers to execute arbitrary commands on the operating system.
Remediation
Users are advised to update the PiCtory package to version 2.12. The update can be downloaded from the KUNBUS Revolution Pi package repository. After updating, it is recommended to activate authentication on the Node-RED server.
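To make the "activate authentication" step concrete, here is an added example (not from the advisory or from KUNBUS) using Node-RED's documented `settings.js` `adminAuth` block: the default state with no `adminAuth` entry, the hardened form with a bcrypt password hash generated by `node-red admin hash-pw`, and a small audit function of our own that a defender can run against a loaded settings object. The hash value is a placeholder, and `auditAdminAuth` is our helper, not part of Node-RED.

```javascript
// Default shipped state: adminAuth absent (commented out in the stock
// settings.js), so the editor and Admin API accept any remote client.
const unprotectedSettings = {
  uiPort: 1880,
  // adminAuth intentionally missing
};

// Hardened state: credentials-based auth. The password is a bcrypt hash
// produced by `node-red admin hash-pw`; the value below is a placeholder.
const protectedSettings = {
  uiPort: 1880,
  adminAuth: {
    type: "credentials",
    users: [
      {
        username: "admin",
        password: "$2b$08$REPLACE_WITH_HASH_FROM_node-red_admin_hash-pw",
        permissions: "*",
      },
    ],
  },
};

// Our audit helper: returns a list of findings; an empty array means the
// adminAuth block is present and structurally sound.
function auditAdminAuth(settings) {
  const findings = [];
  const auth = settings.adminAuth;
  if (!auth) {
    findings.push("adminAuth is not set: editor/Admin API are unauthenticated");
    return findings;
  }
  // Node-RED supports "credentials" (local users) and "strategy" (passport).
  if (auth.type !== "credentials" && auth.type !== "strategy") {
    findings.push(`unexpected adminAuth.type: ${auth.type}`);
  }
  const users = Array.isArray(auth.users) ? auth.users : [];
  if (auth.type === "credentials" && users.length === 0) {
    findings.push("adminAuth.users is empty");
  }
  for (const u of users) {
    if (!u.username) findings.push("user entry without username");
    // Node-RED expects bcrypt hashes ($2a$/$2b$/$2y$), never plaintext.
    if (typeof u.password !== "string" || !/^\$2[aby]\$\d{2}\$/.test(u.password)) {
      findings.push(`user ${u.username}: password is not a bcrypt hash`);
    }
  }
  return findings;
}
```

Running the audit against both objects shows one finding for the default state and none for the hardened one; restart Node-RED after editing `settings.js` for the change to take effect.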
