2 matches found
CVE-2015-2848
CVE-2015-2848 is a CSRF vulnerability in Honeywell Tuxedo Touch Controller, affecting all versions before 5.2.19.0_VA. A remote attacker can hijack the authentication of legitimate users to issue home-automation commands (e.g., door unlock) via forged requests. The issue is documented across mult...
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
Overview All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery CSRF. Description CWE-603: Use of Client-Side Authentication - CVE-2015-2847The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...