CVE-2019-20481

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...

Cross site request forgery (csrf)

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...

Design/Logic Flaw

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...

CVE-2019-20480

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...

CVE-2019-20480

CVE-2019-20480 affects the MIELE XGW 3000 ZigBee Gateway prior to version 2.4.0. The vulnerability is a lack of CSRF protection, allowing an authenticated admin user (or a malicious email) to trigger arbitrary changes in the device’s admin panel by visiting a malicious site. This can enable unaut...

CVE-2019-20481

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...

CVE-2019-20481

The connected Red Hat advisories confirm CVE-2019-20481 affects the Miele XGW 3000 ZigBee Gateway before 2.4.0, where the Password Change Function does not require the old password. This is stated to be exploitable in conjunction with CVE-2019-20480 (CSRF). The combined entries indicate an auth-r...

Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers

There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, ever...

Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers

There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, ever...

Philips Hue Bridge ZCL Heap Overflow Vulnerability

Philips Hue Bridge is a Philips smart home device bridge. A heap overflow vulnerability exists in Philips Hue Bridge's handling of very long ZCL strings, which can be exploited by a remote attacker to submit a special request and the application context to execute arbitrary code...

PT-2020-18883

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge model 2.X prior to and including version 1935144020 Description The issue is related to a Heap-based Buffer Overflow that occurs when handling a long ZCL string during the commissioning phase, resulting in remote code...

ASUS SmartHome Gateway HG100, WS-101 and TS-101 Denial of Service Vulnerabilities

ASUS SmartHome Gateway HG100 and others are products of ASUS, Taiwan, China.ASUS SmartHome Gateway HG100 is a smart home central control gateway device.ASUS WS-101 is a smart switch sensor.TS-101 is a temperature/humidity sensor. A security vulnerability exists in ASUS SmartHome Gateway HG100...

CVE-2019-15914

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks...

CVE-2019-15915

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack...

CVE-2019-15911

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and...

CVE-2019-15912

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks...

CVE-2019-15913

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages...

CVE-2019-15910

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack...

Information disclosure

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages...

Code injection

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack...