In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the “admin panel” because there is no CSRF protection.
CPE | Name | Operator | Version |
---|---|---|---|
xgw_3000_zigbee_gateway_firmware | lt | 2.4.0 |