In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
CPE | Name | Operator | Version |
---|---|---|---|
xgw_3000_zigbee_gateway_firmware | lt | 2.4.0 |