11 matches found
CVE-2018-25396
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
CVE-2019-25708 Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...
CVE-2019-25708
Heatmiser Wifi Thermostat 1.7 is affected by a cross-site request forgery (CSRF) that lets an attacker change administrator credentials by deceiving an authenticated user into submitting a crafted request to networkSetup.htm with parameters usnm, usps, and cfps. This can modify the admin username...
Shelly TRV Security Vulnerability
Shelly TRV is a Wi-Fi connected radiator thermostat from Shelly. A security vulnerability exists in Shelly TRV version 20220811-152343 v2.1.8, which stems from a lack of integrity checking and allows a malicious user to create a backdoor via redirection...
CVE-2022-43704
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol udp/1024 commands interfacing directly with the target device. This, in turn, allows for...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Update Admin Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/...
Heatmiser Wifi Thermostat 1.7 Cross Site Request Forgery
Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/ Tested on:...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link:...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/ Tested on:...
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Date: 2018-08-17 Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/...