CVE-2018-25396
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Heatmiser | Heatmiser Wifi Thermostat | 1.7 | affected |
Weaknesses
- CWE-256: Plaintext Storage of a Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/45623
- https://www.vulncheck.com/advisories/heatmiser-wifi-thermostat-credential-disclosure-via-networksetup-htm
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.