This vulnerability in enituretechnology Residential Address Detection (up to version 2.5.4) is caused by missing authorization checks, which results in incorrectly configured access control security levels. The CVSS 3.1 base score is 6.5 (medium), with network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact. The lack of authorization can allow an attacker to perform unauthorized actions affecting the integrity and availability of the system.

The vulnerability allows unauthorized users to exploit access control weaknesses, potentially leading to unauthorized modification or disruption of the Residential Address Detection service. Confidentiality is not impacted, but integrity and availability may be compromised. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, review and tighten access control configurations to ensure proper authorization enforcement. Monitor for vendor updates regarding patches or official mitigations.