The Security gateway allows the iTM and LC8 controllers to connect through the Security gateway to the Daikin Cloud Service. Instead of sending the report to the router directly, the iTM or LC8 controller sends the report to the Security gateway first. The Security gateway transforms the report format from http to https and then sends the transformed https report to the Daikin Cloud Service via the router. Built-in LAN adapter enabling online control.
The Daikin Security Gateway exposes a critical vulnerability in its password reset API endpoint. Due to an IDOR flaw, an unauthenticated attacker can send a crafted POST request to this endpoint, bypassing authentication mechanisms. Successful exploitation resets the system credentials to the default Daikin:Daikin username and password combination. This allows attackers to gain unauthorized access to the system without prior credentials, potentially compromising connected devices and networks.