Authentication Vulnerability in ICU Scandinavia Boomerang Device Receiver
CVE-2026-46459

5.3MEDIUM

Key Information:

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-46459?

The ICU Scandinavia Boomerang product has a security issue involving missing authentication in its device receiver endpoints. This vulnerability can be exploited by unauthenticated remote attackers, allowing them to access full facility configurations and potentially write unauthorized data to the sensor database. The issue has been addressed in version 2.4.18.029, ensuring enhanced security measures are in place to protect sensitive data.

Affected Version(s)

Boomerang 0 < 2.4.18.029

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marek Figielski (vanilla.pl)
.