CVE-2018-25396

The affected product is Heatmiser Wifi Thermostat 1.7. The vulnerability is a credential disclosure on the networkSetup.htm page, allowing unauthenticated attackers to retrieve plaintext administrative credentials from HTML form fields to gain administrative access. The root cause described is ex...

CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

PT-2026-44874

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

CVE-2019-25708 Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

PT-2026-32170

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

CVE-2019-25322

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...

CVE-2019-25322 Heatmiser Netmonitor 3.03 - Hardcoded Credentials

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...

CVE-2019-25322

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...

PT-2026-7922

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...

Heatmiser Netmonitor 信任管理问题漏洞

Heatmiser Netmonitor is a thermostat system controller developed by the Heatmiser company. Version 3.03 of Heatmiser Netmonitor contains a vulnerability related to trust management. This vulnerability arises from hard-coded credentials on the networksetup.htm page, which may allow unauthorized...