Privilege escalation vulnerability in Lunar

Posted date 08/05/2024
4 - High
Affected Resources

Lunar, versions from 6.0.2 to earlier than 6.6.0.


INCIBE has coordinated the publication of a high severity vulnerability affecting Lunar, an intelligent adaptive brightness application for external monitors, in versions from 6.0.2 up to the one before 6.6.0. The vulnerability was discovered by Carlos Polop Martin.

This vulnerability has been assigned the following identifier, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-3507: 7.7 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N | CWE-269.

The vulnerability was fixed in version 6.6.0, released in February 2024. For more information, see the link in the references.


CVE-2024-3507: improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse the application's rights to access sensitive user information.