Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function
Vulnerability Description
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Network Thermostat X-Series WiFi thermostats 访问控制错误漏洞
Vulnerability Description
Network Thermostat X-Series WiFi thermostats是美国Network Thermostat公司的一款WiFi只能恒温器。 Network Thermostat X-Series WiFi thermostats存在访问控制错误漏洞,该漏洞源于嵌入式Web服务器允许未经授权攻击者通过操纵特定元素重置用户凭据。
CVSS Information
N/A
Vulnerability Type
N/A