https://threatpost.com/home-automation-protocol-z-way-vulnerable-to-remote-attacks/112720
From the article:
After looking into the issue further Westergren learned via a RaZberry FAQ that Z-Way comes without authentication by default and that the service encourages users to protect their devices via alternative means, like "ngnix and other reverse proxy servers."
"It was interesting to find that the vendor was aware of the issue, yet relinquished themselves of dealing with it," Westergren wrote, "...while a user's LAN is supposed to be somewhat safe, this doesn't mean remote attacks are impossible."