10 matches found
CVE-2018-25396
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
EUVD-2018-21918
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
CVE-2018-25396
The affected product is Heatmiser Wifi Thermostat 1.7. The vulnerability is a credential disclosure on the networkSetup.htm page, allowing unauthenticated attackers to retrieve plaintext administrative credentials from HTML form fields to gain administrative access. The root cause described is ex...
Heatmiser Wifi Thermostat 安全漏洞
The Heatmiser Wifi Thermostat is a smart temperature control device from the British company Heatmiser, capable of wireless connection and remote control. Version 1.7 of the Heatmiser Wifi Thermostat contains a security vulnerability. This vulnerability stems from accessing the networkSetup.htm...
PT-2026-44874
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
EUVD-2019-20139
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
CVE-2019-25708 Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
CVE-2019-25708
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
Heatmiser Wifi Thermostat 跨站请求伪造漏洞
The Heatmiser Wifi Thermostat is an intelligent temperature control device from the British company Heatmiser, capable of wireless connection and remote control. Version 1.7 of the Heatmiser Wifi Thermostat contains a cross-site request forgery vulnerability. This vulnerability stems from...
PT-2026-32170
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...