Back to CVE List

CVE-2019-25708

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-352
Source
NVD
Vendor
Heatmiser
Product
Heatmiser Wifi Thermostat

External References

Discussion (0)

Add Comment

No comments yet. Be the first!