Paxton Paxton10 Twilio API Credential Exposure Vulnerability

Vulnerability

A vulnerability exists in the firmware of Paxton Paxton10 versions prior to 4.6 SR6. The issue arises from hard-coded credentials for the Twilio API embedded in the firmware file rootfs.tar.gz. A remote attacker who acquires this firmware can extract the credentials, potentially leading to unauthorized access to the Twilio account, with risks of information disclosure, service disruption, and misuse of Twilio services.
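A release-side check for this class of issue, given as an added example that is not part of the advisory or of Paxton's tooling: it scans a rootfs tarball for strings shaped like Twilio Account or API Key SIDs ("AC" or "SK" followed by 32 hex characters) and reports only redacted matches. The function names are hypothetical and the sample archive with its fake credentials is constructed in the script.

```python
import io
import re
import tarfile

# Twilio SID shapes: Account SID = "AC" + 32 hex chars, API Key SID = "SK" + 32 hex.
TWILIO_SID = re.compile(rb"(?<![0-9A-Za-z])(AC|SK)[0-9a-fA-F]{32}(?![0-9A-Za-z])")
# Auth tokens are bare 32-hex strings, so they are only flagged in files with a SID hit.
HEX32 = re.compile(rb"(?<![0-9A-Za-z])[0-9a-f]{32}(?![0-9A-Za-z])")


def redact(value: bytes) -> str:
    """Keep enough of a match to locate it, never the whole secret."""
    return value[:4].decode() + "..." + value[-2:].decode()


def scan_rootfs(fileobj, max_size=8 * 1024 * 1024):
    """Return (member path, kind, redacted match) for every hit in the archive."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or member.size > max_size:
                continue
            data = tar.extractfile(member).read()
            sids = list(TWILIO_SID.finditer(data))
            for m in sids:
                findings.append((member.name, "twilio-sid", redact(m.group(0))))
            for m in (HEX32.finditer(data) if sids else ()):
                findings.append((member.name, "possible-auth-token", redact(m.group(0))))
    return findings


def build_sample_rootfs():
    """Constructed sample image: one config file with fake credentials, one clean file."""
    fake_sid = b"AC" + b"0123456789abcdef" * 2
    fake_token = b"fedcba9876543210" * 2
    conf = b"sid=" + fake_sid + b"\ntoken=" + fake_token + b"\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in (("etc/notify.conf", conf), ("etc/hostname", b"controller\n")):
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, kind, shown in scan_rootfs(build_sample_rootfs()):
        print(f"{path}: {kind} {shown}")
```

A non-empty result would fail the build; any credential that has already shipped in a released image still has to be rotated on the Twilio side.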

Impact

Exploitation of this vulnerability could result in unauthorized access to Twilio accounts, allowing attackers to misuse Twilio services, disrupt associated operations, and access confidential information.

Added: Jul 7, 2025, 4:32 PM
Updated: Jul 7, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.