15 matches found
EUVD-2015-2936
Malware in sbrugna...
EUVD-2015-2935
Malware in sbrugna...
Honeywell equIP/Performance Series IP Cameras/Recorders Authentication Bypass Vulnerability
Description: Honeywell Tuxedo Touch Controller is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Technologies Affected: Honeywell BD3PR1 Honeywell...
Honeywell International Tuxedo Touch Security Bypass Vulnerability
Honeywell International Tuxedo Touch is a set of automation touch controllers for businesses and homes from Honeywell International, which can control cameras, thermostats, lamps, smart locks, shades, and more via the Web or a related app. A security vulnerability in previous versions of Honeywel...
Honeywell International Tuxedo Touch Cross-Site Request Forgery Vulnerability
Honeywell International Tuxedo Touch is a set of automation touch controllers for businesses and homes from Honeywell International, which can control cameras, thermostats, lamps, smart locks, shades, and more via the Web or a related app. A cross-site request forgery vulnerability exists in...
Pair of Bugs Open Honeywell Home Controllers Up to Easy Hacks
The accumulation of automation and Internet-connected devices in many homes these days has led observers to coin the term smart homes. But as researchers take a closer look at the security of these devices, they’re finding that what these homes really are is naive. The latest batch vulnerabilitie...
CVE-2015-2848
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command...
CVE-2015-2847
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command...
Authentication flaw
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream...
CVE-2015-2847
Honeywell Tuxedo Touch Controller (prior to 5.2.19.0_VA) is affected by CVE-2015-2847 due to client-side authentication performed in JavaScript. By intercepting and dropping USERACCT=… requests from the client-server data stream, a remote attacker can bypass authentication and access restricted p...
CVE-2015-2847
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream...
CVE-2015-2848
CVE-2015-2848 is a CSRF vulnerability in Honeywell Tuxedo Touch Controller, affecting all versions before 5.2.19.0_VA. A remote attacker can hijack the authentication of legitimate users to issue home-automation commands (e.g., door unlock) via forged requests. The issue is documented across mult...
CVE-2015-2848
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command...
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
Overview: All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery (CSRF). Description: CWE-603: Use of Client-Side Authentication - CVE-2015-2847 The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...