2 matches found
CVE-2018-9162
Contec Smart Home 4.15 devices do not require authentication for newuser.php, edituser.php, deleteuser.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors...
CVE-2018-9162
Contec Smart Home 4.15 devices are affected by an authentication bypass in the web interfaces (new_user.php, edit_user.php, delete_user.php, and user.php). The root issue is that these endpoints do not require authentication, allowing an attacker to change the administrator password and gain cont...