CVE-2026-2330

CROWN · REST interface

The CROWN REST interface fails to enforce whitelists on internal testing directories. Unauthenticated attackers can upload manipulated parameter files to modify critical device settings.

Executive summary

Incomplete whitelist enforcement in the CROWN REST interface allows unauthenticated attackers to modify critical device settings and network configurations.

Vulnerability

Certain internal testing directories were omitted from the CROWN REST interface's security whitelist. This allows an unauthenticated attacker to access these directories and upload manipulated parameter files. These files become active after a system reboot, allowing the attacker to change network configurations and application parameters.
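The mechanism behind this class of flaw, as an added illustration that is not CROWN's code: an authorization layer that only guards the directories named in its list leaves any omitted directory open, while a deny-by-default layer needs no such list. All paths, prefixes and function names below are constructed placeholders, not the device's real endpoints.

```python
"""Protect-list vs deny-by-default authorization for a REST interface.

The 'flawed' model mirrors the advisory: only paths under the listed
prefixes require a session, so a forgotten testing directory is reachable
anonymously. The 'hardened' model requires a session for every request
unless the path is explicitly public and read-only. All values are
constructed for illustration.
"""
from dataclasses import dataclass

# Constructed enforcement list. The hypothetical testing prefix is NOT here,
# which is the gap the advisory describes.
PROTECTED_PREFIXES = ("/api/config/", "/api/network/", "/api/params/")

# Constructed deny-by-default policy: the only anonymous, read-only endpoints.
PUBLIC_PATHS = frozenset({"/api/status", "/api/version"})

WRITE_METHODS = ("DELETE", "PATCH", "POST", "PUT")


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    authenticated: bool


def flawed_allows(req: Request) -> bool:
    """Auth is demanded only for listed prefixes; anything else passes."""
    if req.path.startswith(PROTECTED_PREFIXES):
        return req.authenticated
    return True


def hardened_allows(req: Request) -> bool:
    """Deny by default: anonymous access only for GET on public paths."""
    if req.authenticated:
        return True
    return req.method == "GET" and req.path in PUBLIC_PATHS


def audit_gap(paths):
    """Paths an anonymous client could write to under the flawed model only."""
    return sorted(
        p for p in paths
        if any(flawed_allows(Request(m, p, False))
               and not hardened_allows(Request(m, p, False))
               for m in WRITE_METHODS)
    )


if __name__ == "__main__":
    sample = ["/api/config/net", "/api/network/iface0",
              "/api/test/params.bin", "/api/debug/upload"]
    print("anonymous write gaps:", audit_gap(sample))
```

Running the block lists the two constructed testing paths the prefix list never covered; in a real review the same check is run against the interface's full route table.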

Business impact

An attacker could use this flaw to permanently alter the behavior of the device, potentially locking out legitimate administrators or diverting data to attacker-controlled servers. This leads to long-term persistence and significant operational disruption. The CVSS score of 9.4 reflects the high impact on integrity and availability.

Remediation

Immediate Action: Update the CROWN software to the latest version to ensure all REST endpoints are properly covered by the security whitelist.

Proactive Monitoring: Monitor for unauthorized file uploads to the REST interface and audit device configuration changes after every reboot.

Compensating Controls: Implement strict network access control lists (ACLs) to ensure only authorized workstations can communicate with the CROWN REST interface.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Bypassing whitelists in management interfaces is a critical risk. Organizations must ensure that all testing and debugging interfaces are either removed from production builds or strictly authenticated. Apply the vendor's patch immediately to close this unauthorized access path.