Lucene search
K

11 matches found

NVD
NVD
added 2026/05/29 4:16 p.m.13 views

CVE-2018-25396

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

8.7CVSS0.00313EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.31 views

CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

8.7CVSS0.00313EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/12 12:28 p.m.2 views

CVE-2019-25708 Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

5.3CVSS5.7AI score0.00129EPSS
Exploits1References2
CVE
CVE
added 2026/04/12 12:28 p.m.14 views

CVE-2019-25708

Heatmiser Wifi Thermostat 1.7 is affected by a cross-site request forgery (CSRF) that lets an attacker change administrator credentials by deceiving an authenticated user into submitting a crafted request to networkSetup.htm with parameters usnm, usps, and cfps. This can modify the admin username...

5.3CVSS5.7AI score0.00129EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/01/23 12:0 a.m.5 views

Shelly TRV Security Vulnerability

Shelly TRV is a Wi-Fi connected radiator thermostat from Shelly. A security vulnerability exists in Shelly TRV version 20220811-152343 v2.1.8, which stems from a lack of integrity checking and allows a malicious user to create a backdoor via redirection...

5.4CVSS6.8AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2023/01/20 5:15 p.m.5 views

CVE-2022-43704

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol udp/1024 commands interfacing directly with the target device. This, in turn, allows for...

5.9CVSS5.8AI score0.01868EPSS
Exploits2References1
exploitpack
exploitpack
added 2019/01/09 12:0 a.m.19 views

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Update Admin Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/01/09 12:0 a.m.31 views

Heatmiser Wifi Thermostat 1.7 Cross Site Request Forgery

Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/ Tested on:...

0.2AI score
Exploits0
0day.today
0day.today
added 2019/01/09 12:0 a.m.30 views

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link:...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/09 12:0 a.m.54 views

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)

Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/ Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/16 12:0 a.m.566 views

Heatmiser Wifi Thermostat 1.7 - Credential Disclosure

Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Date: 2018-08-17 Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/...

7.4AI score
Exploits0
Rows per page
Query Builder