12 matches found
CVE-2019-20481
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...
CVE-2019-20480
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...
EUVD-2019-11024
Malware in sbrugna...
EUVD-2019-11025
Malware in sbrugna...
CVE-2019-20480
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...
CVE-2019-20481
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...
CVE-2019-20480
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...
CVE-2019-20481
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...
Cross site request forgery (csrf)
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...
CVE-2019-20480
CVE-2019-20480 affects the MIELE XGW 3000 ZigBee Gateway prior to version 2.4.0. The vulnerability is a lack of CSRF protection, allowing an authenticated admin user (or a malicious email) to trigger arbitrary changes in the device’s admin panel by visiting a malicious site. This can enable unaut...
CVE-2019-20481
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...
CVE-2019-20481
The connected Red Hat advisories confirm CVE-2019-20481 affects the Miele XGW 3000 ZigBee Gateway before 2.4.0, where the Password Change Function does not require the old password. This is stated to be exploitable in conjunction with CVE-2019-20480 (CSRF). The combined entries indicate an auth-r...