Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Honeywell International Tuxedo Touch 跨站请求伪造漏洞
Vulnerability Description
Honeywell International Tuxedo Touch是美国霍尼韦尔国际(Honeywell International)公司的一套适用于企业和家庭的自动化触摸控制器,它可通过Web或相关的App控制摄像头、恒温器、灯具、智能锁、遮光帘等。 Honeywell International Tuxedo Touch 5.2.19.0_VA之前版本中存在跨站请求伪造漏洞。远程攻击者可利用该漏洞以用户权限执行未授权操作,向家庭自动化设备发送命令。
CVSS Information
N/A
Vulnerability Type
N/A