8 matches found
CVE-2018-25396
The affected product is Heatmiser Wifi Thermostat 1.7. The vulnerability is a credential disclosure on the networkSetup.htm page, allowing unauthenticated attackers to retrieve plaintext administrative credentials from HTML form fields to gain administrative access. The root cause described is ex...
CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
EUVD-2025-22544
Malicious code in bioql PyPI...
CVE-2025-6260
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset us...
CVE-2025-6260
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset us...
Bosch BCC101 Security Vulnerability
Bosch BCC101 is a thermostat from Bosch Germany. A security vulnerability exists in Bosch BCC101 versions v4.13.20 through v4.13.33, which stems from a vulnerability that allows an attacker to connect to the device over the same WiFi network...
Sinilink XY-WFT1 WiFi Remote Thermostat 安全漏洞
Sinilink XY-WFT1 WiFi Remote Thermostat is a remote thermostat from Sinilink. A security vulnerability exists in the Sinilink XY-WFT1 WiFi Remote Thermostat version 1.3.6, which stems from the lack of need to authenticate via a mobile application, allowing an attacker to bypass the expected...
PT-2015-6092 · Unknown · Thermostat
Name of the Vulnerable Software and Affected Versions: Thermostat versions prior to 2.0.0 Description: The issue allows local users to obtain user credentials by reading the web.xml configuration file due to world-readable permissions. Recommendations: For versions prior to 2.0.0, update to versi...