Security Vulnerabilities

Known Issue: DXU service can accept unauthenticated settings changes

Details

CVE: CVE-2021-4333

Description:
- The DXU service, when enabled, exposes endpoints that allow unauthenticated changes or queries to the device configuration.
- This vulnerability allows malicious code to alter device settings or gain information about the device.
- Wi-Fi passwords are not exposed by this vulnerability.

Credit: Thanks to Cygenta Ltd. for discovering this issue.

Mitigation:
- Disable the DXU service.
- Steps to disable:
  1. Open DXU Agent.
  2. Tap the more icon in the lower right corner.
  3. Tap "Settings" on the black bar.
  4. Tap "Settings" in the menu.
  5. Uncheck the "Enable service" checkbox.

Default Status:
- On newer devices, like the Skorpio X5, the service is off by default.
- On older devices, such as the DL-Axis, the service is on by default.