CVE-2024-32754 LOW

CVE-2024-32754: Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information

Vendor Johnson Controls
Product Kantech KT1 Door Controller, Rev01
Weakness CWE-200 · Info exposure
Published July 4, 2024
Last update August 27, 2025

CVSS base score

3.1/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

Key dates

02Disclosure timeline

July 4, 2024 CVE published
August 27, 2025 Record updated